45 matches found
CVE-2019-0326
The connected records confirm a Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), affecting versions 4.1, 4.2, and 4.3. The root cause is insufficient encoding of user-controlled inputs, as described in multiple sources. Th...
CVE-2022-41203
CVE-2022-41203 affects SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad). An authenticated user with low privileges can trick the application by substituting a serialized parameter with a malicious serialized object, causing deserialization of untrusted data and impact...
CVE-2023-28765
CVE-2023-28765 concerns SAP BusinessObjects Business Intelligence Platform (Promotion Management) prior to patch versions; specifically 420 and 430. The root cause involves handling of the internal file lcmbiar , enabling a basic-privilege attacker to access and decrypt the file, potentially expo...
CVE-2023-40622
CVE-2023-40622 affects SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 and 430. The vulnerability allows an authenticated attacker to view restricted information, potentially leading to a full compromise of the application with high impacts to confidentialit...
CVE-2022-28214
CVE-2022-28214 affects SAP BusinessObjects Enterprise CMS (versions 420 and 430). During an update, authentication credentials are exposed in Sysmon event logs, causing Information Disclosure with high impact to Confidentiality, Integrity, and Availability. The NVD/NVD-derived metrics list CVSSv3...
CVE-2022-32245
CVE-2022-32245 affects SAP BusinessObjects Business Intelligence Platform (Open Document) versions 4.2.0x and 4.3.x (420–430). The root cause is an information-disclosure vulnerability that allows an unauthenticated attacker to retrieve plaintext data over the network, enabling viewing any data f...
CVE-2022-35296
SAP BusinessObjects Business Intelligence Platform Vulnerability (CVE-2022-35296) affects the Version Management System component. Affected: SAP BO BI Platform versions prior to 4.2 SP9 P10, 4.3 SP2 P7, or 4.3 SP3, where the Version Management System can disclose sensitive information to a remote...
CVE-2023-27894
CVE-2023-27894 affects SAP BusinessObjects BI Platform (Web Services) versions 420 and 430. The issue allows injecting arbitrary values into CMS parameters to perform internal-network lookups, enabling information disclosure and potential follow-on attacks (internal scanning, remote file inclusio...
CVE-2023-27896
CVE-2023-27896 affects SAP BusinessObjects BI Platform versions 420 and 430. The issue is a Server-Side Request Forgery (SSRF) where an attacker can control a malicious BOE server, causing the application server to connect to its own CMS. This leads to a high impact on availability. The descripti...
CVE-2023-31406
The CVE-2023-31406 issue affects SAP BusinessObjects BI Platform versions 420 and 430. It is caused by insufficient input validation, enabling an unauthenticated attacker to redirect users to a malicious/untrusted site via a crafted link. The impact is described as a limited degradation of confid...
CVE-2023-31404
CVE-2023-31404 – SAP BusinessObjects BI Platform, Central Management Service is affected in versions 420 and 430. The issue permits information disclosure where users with certain privileges may access other users’ credentials and restricted data sources due to conditions described in the SAP/BEP...
CVE-2023-37489
CVE-2023-37489 affects SAP BusinessObjects Business Intelligence Platform (Version Management System), version 403. The vulnerability arises from lack of input/validation that allows an unauthenticated user to read code snippets via the UI, resulting in low confidentiality impact with no effect o...
CVE-2022-41206
CVE-2022-41206 affects SAP BusinessObjects BI Platform (Analysis for OLAP) versions 4.2.0/4.3.0 (420, 430). The vulnerability arises from accepting user-controlled inputs when OLAP connections are created or edited in the Central Management Console, enabling an authenticated attacker with low pri...
CVE-2023-37490
The CVE-2023-37490 entry concerns SAP Business Objects Installer (versions 420, 430). A network-authenticated attacker can overwrite an executable file created in a temporary directory during installation and replace it with a malicious file, enabling a full compromise of confidentiality, integri...
CVE-2019-0346
The CVE-2019-0346 entry concerns SAP Business Objects Business Intelligence Platform (Central Management Console) v4.2, where an unencrypted communication error can disclose the list of user names and roles imported from SAP NetWeaver BI systems. The affected component is the Central Management C...
CVE-2022-32244
CVE-2022-32244 describes an authentication-related issue in SAP BusinessObjects BI Platform where an attacker authenticated as a CMS administrator can access and modify data in the BOE Commentary database. Under certain conditions and with high-privilege access on the same physical/logical networ...
CVE-2023-39440
CVE-2023-39440 (SAP BusinessObjects BI Platform Information Disclosure) Affected product: SAP BusinessObjects Business Intelligence Platform (version 420). Description in provided sources: when a user logs in to a specific program under certain conditions, memory may not be cleared properly, pote...
CVE-2018-2427
Public documents in the provided set do not disclose detailed technical specifics (affected components, root cause, or remediation) for CVE-2018-2427. Monitor for updates.
CVE-2019-0334
CVE-2019-0334 affects SAP BusinessObjects BI Platform (BI Workspace) versions 4.1, 4.2, and 4.3. The issue allows storing a malicious script during module creation, which, when executed, could enable a user to escalate privileges through session hijacking and expose sensitive information via Stor...
CVE-2021-21444
CVE-2021-21444 affects SAP Business Objects BI Platform versions 410, 420, and 430. The vulnerability stems from the response headers containing multiple X-Frame-Options entries, which may not be uniformly respected by all user agents, potentially nullifying the X-Frame-Options header and enablin...
CVE-2019-0269
CVE-2019-0269 describes a cross-site scripting vulnerability in SAP BusinessObjects BI Platform (BI Workspace) affecting versions 4.10 and 4.20 . It results from insufficient encoding of user-controlled inputs , enabling potential execution of arbitrary script in a user’s browser within the affec...
CVE-2023-30741
SAP BusinessObjects BI Platform (versions 420 and 430) is affected by CVE-2023-30741 due to insufficient input validation, enabling an unauthenticated attacker to redirect users to a malicious site and potentially view/modify information, with limited impact on confidentiality and integrity. Reme...
CVE-2022-39800
CVE-2022-39800 - SAP BusinessObjects BI LaunchPad affects SAP BusinessObjects BI LaunchPad versions 420 and 430. The issue is a script execution vulnerability caused by improper sanitization of user inputs during network interaction, exploitable by an unauthenticated attacker to view or modify in...
CVE-2024-37179
SA P BusinessObjects BI Platform Web Intelligence is affected by an authenticated-file-download vulnerability. A logged-in user can send a crafted request to the Web Intelligence Reporting Server to download arbitrary files from the host machine, exposing confidentiality without impacting integri...
CVE-2025-23192
CVE-2025-23192 - SAP BusinessObjects BI Workspace is described as an unauthenticated cross-site scripting (XSS) vulnerability where an attacker can craft and store malicious scripts in a BI workspace; when victims load the workspace, the script can access session data and affect confidentiality (...
CVE-2019-0332
CVE-2019-0332 affects SAP BusinessObjects BI Platform (Info View), versions 4.1, 4.2, and 4.3. The vulnerability allows an attacker to supply a payload as a search keyword, which is executed during the search action, resulting in Cross-Site Scripting (XSS). Root cause: inadequate input handling i...
CVE-2023-36917
SAP BusinessObjects Business Intelligence Platform versions 420 and 430 are affected by an authentication bypass where an attacker who hijacks a user session can brute-force the victim’s old password due to an unrestricted rate limit on the password-change function. The attack, as described in th...
CVE-2019-0268
CVE-2019-0268 affects SAP BusinessObjects Business Intelligence Platform (CMC Module) versions 4.10, 4.20 and 4.30. The root cause is inadequate validation of an XML document received from an untrusted source, exposing an XML External Entity-style weakness. Documents in connected sources corrobor...
CVE-2019-0335
SAP BusinessObjects BI Platform Central Management Console (versions 4.1–4.3) is affected by a stored XSS in the user description field. An attacker can store a payload in a user’s description that executes when the mouse hovers over the description in the UI’s info popup. The available documents...
CVE-2018-2442
Summary of CVE-2018-2442 : In SAP BusinessObjects BI (versions 4.0–4.2), viewing a Web Intelligence report from BI Launchpad can reveal session details captured by an HTTP analysis tool, which may be reused in an HTML page while the user session remains valid. This describes a cross‑site request ...
CVE-2019-0348
CVE-2019-0348 affects SAP BusinessObjects Business Intelligence Platform (Web Intelligence) for versions 4.1 and 4.2. The vulnerability involves accessing the database through an unencrypted connection, despite protection expectations that data be encrypted. The connected Red Hat, CNVD, CVE lists...
CVE-2019-0331
SAP BusinessObjects BI Platform (BI Workspace) versions 4.1, 4.2, and 4.3 are associated with CVE-2019-0331, indicating an information disclosure vulnerability where an attacker may access sensitive data such as directory structure. The connected records confirm the affected product and versions ...
CVE-2021-21447
CVE-2021-21447 affects SAP BusinessObjects BI Platform 4.1/4.2 (versions 4.1 < SP12 P9, 4.2 < SP8 P5 or
CVE-2021-33697
CVE-2021-33697 affects SAP BusinessObjects BI Platform SAPUI5 (versions 420 and 430). The issue is a reverse tabnabbing vulnerability allowing an unauthenticated attacker to redirect users to a malicious site. Public exploitation details aren’t provided in the supplied documents. No remediation s...
CVE-2019-0333
CVE-2019-0333 affects SAP BusinessObjects BI Platform (Web Intelligence) in versions 4.2 and 4.3. The root issue is triggered when a client cancels a query, allowing an attacker to query and retrieve the entire data set beyond their authorized security profile, causing information disclosure. The...
CVE-2018-2432
CVE-2018-2432 affects SAP BusinessObjects BI Launchpad and Central Management Console (versions 4.10, 4.20, 4.30). The issue allows an attacker to include invalid data in the HTTP response header sent to a web user, enabling cross-site scripting and page hijacking as stated in the public descript...
CVE-2018-2447
SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence) 4.2 is affected by CVE-2018-2447. The vulnerability allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database. Root cause is not fully detailed in the provided sources, but the impact is d...
CVE-2023-30740
SAP BusinessObjects Business Intelligence Platform versions 420 and 430 are affected by CVE-2023-30740, where an authenticated attacker can access restricted sensitive information, causing high confidentiality impact with limited integrity/availability impact. RedHat and other sources confirm the...
CVE-2018-2473
CVE-2018-2473 affects SAP BusinessObjects Business Intelligence Platform Server (versions 4.1 and 4.2) when using Web Intelligence Rich Client 3-tier gateway. The vulnerability enables an attacker to prevent legitimate users from accessing a service, either by crashing or flooding it, implying a ...
CVE-2021-33696
CVE-2021-33696 affects SAP BusinessObjects Business Intelligence Platform (Crystal Report) with vulnerable versions 420 and 430. The root cause is insufficient encoding of user-controlled inputs, enabling an XSS vulnerability that can cause non-permanent defacement or modification of displayed co...
CVE-2018-2445
CVE-2018-2445 affects SAP BusinessObjects BI Admin Tools in SAP BI Platform (versions 4.1 and 4.2). The vulnerability is a Server-Side Request Forgery (SSRF) allowing an attacker to manipulate the application to send crafted requests on its behalf. CVSS details indicate high impact to confidentia...
CVE-2018-2483
SAP BusinessObjects BI Platform CMC (versions 4.1 and 4.2) is affected by HTTP Verb Tampering caused by how request methods can be manipulated. Vulnerable component: Central Management Console. Reported impact includes bypassing security restrictions and tampering with HTTP verbs. No explicit exp...
CVE-2018-2446
SAP BusinessObjects BI Admin Tools (v4.1, v4.2) contains an information-disclosure issue where an unauthenticated user can read the server name. The root cause and exact impact are described as information disclosure in multiple sources, but the documents do not provide exploit specifics, affecte...
CVE-2023-28762
Affected product: SAP BusinessObjects Business Intelligence Platform (versions 420 and 430). Vulnerability summary: An authenticated attacker with administrator privileges can obtain the login token of any logged-in BI user over the network without user interaction, enabling impersonation of any ...
CVE-2018-2431
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, contains an XSS vulnerability caused by insufficient encoding of user-controlled inputs. The root cause is improper encoding in the affected web-facing components, enabling cross-site scripting. The connected documents do no...