Lucene search
K
SapBusinessobjects Business Intelligence Platform

73 matches found

CVE
CVE
added 2022/04/12 4:11 p.m.742 views

CVE-2022-28213

CVE-2022-28213 concerns SAP BusinessObjects BI Platform (SOAP Web services) where XML input from an untrusted source is insufficiently validated, enabling XML External Entity (XXE) style behavior. Public entries identify affected releases as SAP BusinessObjects BI Platform 4.2/4.3; the issue can ...

8.1CVSS8.1AI score0.12476EPSS
CVE
CVE
added 2020/10/20 1:31 p.m.134 views

CVE-2020-6308

Summary (CVE-2020-6308) : SAP BusinessObjects Business Intelligence Platform (Web Services) versions 410, 420, and 430 are reported to be vulnerable to a blind Server-Side Request Forgery (SSRF). An unauthenticated attacker can inject arbitrary values into CMS parameters to perform lookups on the...

5.3CVSS5.7AI score0.61736EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.102 views

CVE-2022-27671

CVE-2022-27671 affects SAP BusinessObjects Business Intelligence Platform (SAP BI Platform). The vulnerability arises from a CSRF token visible in URLs, which may allow information disclosure. Public references in the CVE describe this cross-site request forgery vector and its potential to expose...

6.5CVSS6.3AI score0.01241EPSS
CVE
CVE
added 2019/12/11 9:35 p.m.95 views

CVE-2019-0398

SAP BusinessObjects BI Platform Monitoring Application (versions

8.8CVSS8.5AI score0.00454EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.92 views

CVE-2022-27667

CVE-2022-27667 affects SAP BusinessObjects BI Platform, Client Management Console (CMC) in version 430, enabling information disclosure due to an underlying access-control condition under specific circumstances. Affected product/version: SAP BusinessObjects BI Platform with CMC 430. Impact: attac...

7.5CVSS7.3AI score0.01307EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.87 views

CVE-2022-28216

CVE-2022-28216 concerns SAP BusinessObjects BI Platform (BI Workspace) v420, where an unauthenticated attacker can trigger a cross-site scripting (XSS) vulnerability due to improper user-input sanitization over the network. Exploitation could allow an attacker to access certain reports, implying ...

6.1CVSS6.1AI score0.00802EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.86 views

CVE-2022-22541

Technical details beyond the SAP BusinessObjects disclosure description are not provided in the connected documents. No explicit root cause, affected components, or mitigations are listed. Monitor for updates and official advisories.

6.5CVSS6.3AI score0.00761EPSS
CVE
CVE
added 2020/04/14 7:36 p.m.83 views

CVE-2020-6195

The CVE-2020-6195 entry applies to SAP Business Objects Business Intelligence Platform (CMC) versions 4.1 and 4.2, where the response can contain a cleartext password. The underlying issue is information disclosure via exposed credentials, which, if exploited via social engineering to obtain a pa...

9.8CVSS9.5AI score0.00628EPSS
CVE
CVE
added 2025/01/14 12:9 a.m.83 views

CVE-2025-0061

SAP BusinessObjects Business Intelligence Platform is affected by CVE-2025-0061, an unauthenticated information-disclosure vulnerability that enables session hijacking over the network. The issue allows an attacker to access and modify all data in the application without user interaction. Impact ...

9.1CVSS8.3AI score0.00487EPSS
CVE
CVE
added 2022/07/12 8:26 p.m.82 views

CVE-2022-29619

SAP BusinessObjects Business Intelligence Platform (4.x; v4.2.0 and v4.3.0) contains an authorization flaw where an Administrator can view, edit or modify rights of objects it does not own and that would normally be restricted. Root cause: incorrect access control for object rights, enabling priv...

6.5CVSS6.4AI score0.00821EPSS
CVE
CVE
added 2020/02/12 7:45 p.m.80 views

CVE-2020-6189

CVE-2020-6189 affects SAP Business Objects Business Intelligence Platform (CMC) 4.2. The issue arises from certain settings pages generating error messages that can disclose enterprise private-network information that should be restricted, leading to information disclosure. The available document...

5.3CVSS5.1AI score0.00878EPSS
CVE
CVE
added 2023/02/14 3:8 a.m.79 views

CVE-2023-0020

CVE-2023-0020 affects SAP BusinessObjects BI Platform versions 4.2 (420) and 4.3 (430). An authenticated attacker can access information that is normally restricted, resulting in high confidentiality impact and limited integrity impact as described in multiple sources. The connected reports consi...

8.5CVSS6.6AI score0.00522EPSS
CVE
CVE
added 2022/07/12 8:28 p.m.78 views

CVE-2022-35169

SAP BusinessObjects Business Intelligence Platform (LCM) versions 420 and 430 are affected by CVE-2022-35169, where an administrator can read and decrypt the LCMBIAR file password under certain conditions. This could lead to password modification or importing the file into another system, with hi...

6.5CVSS5.9AI score0.00627EPSS
CVE
CVE
added 2019/12/11 9:34 p.m.77 views

CVE-2019-0395

CVE-2019-0395 affects SAP BusinessObjects BI Platform (Fiori BI Launchpad) prior to 4.2. It enables a Stored Cross-Site Scripting (XSS) vulnerability by allowing JavaScript execution in a text module, due to insufficient sanitization/validation of client-side data in the web app. Impact: attacker...

5.4CVSS5.4AI score0.00733EPSS
CVE
CVE
added 2022/07/12 8:28 p.m.77 views

CVE-2022-35228

SAP BusinessObjects Central Management Console (CMC) is affected by CVE-2022-35228. The issue allows an unauthenticated attacker to retrieve token information over the network under conditions where a legitimate user accesses the application and a local compromise (e.g., sniffing or social engine...

8.8CVSS8.3AI score0.00539EPSS
CVE
CVE
added 2020/04/14 6:18 p.m.75 views

CVE-2020-6222

CVE-2020-6222 affects SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) versions 4.1 and 4.2. The issue is due to insufficient encoding of user-controlled inputs, causing Cross-Site Scripting (XSS). The vulnerability’s impact is described as low to medium depen...

5.4CVSS5.3AI score0.0067EPSS
CVE
CVE
added 2020/04/14 6:33 p.m.75 views

CVE-2020-6226

SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface (v4.2) is affected by an XSS vulnerability due to insufficient encoding of user-controlled inputs. Cited sources describe the vulnerability as cross-site scripting affecting the Web Intelligence HTML interface; no...

5.4CVSS5.3AI score0.00648EPSS
CVE
CVE
added 2023/01/10 3:25 a.m.73 views

CVE-2023-0022

CVE-2023-0022 pertains to SAP BusinessObjects BI Analysis edition for OLAP. The vulnerability is a code-injection flaw that can be exploited by an authenticated attacker over the network to inject and execute malicious code within the application, with the potential to fully compromise the system...

9.9CVSS8.7AI score0.00743EPSS
CVE
CVE
added 2020/04/14 6:19 p.m.72 views

CVE-2020-6219

CVE-2020-6219 affects SAP Business Objects BI Platform components including CrystalReports WebForm Viewer (SAP Crystal Reports for VS 2010) and Crystal Reports Platform versions 4.1/4.2. The root cause is a deserialization of untrusted data vulnerability that an attacker with basic authorization ...

9.1CVSS8.6AI score0.01266EPSS
CVE
CVE
added 2023/02/14 3:19 a.m.72 views

CVE-2023-24530

CVE-2023-24530 affects SAP BusinessObjects BI Platform (CMC) versions 420 and 430. An authenticated admin can upload malicious code that the application can execute over the network, potentially leading to complete compromise of the application and high impact on confidentiality, integrity, and a...

9.1CVSS9.1AI score0.00555EPSS
CVE
CVE
added 2024/05/14 3:51 a.m.72 views

CVE-2024-28165

CVE-2024-28165 affects SAP BusinessObjects Business Intelligence Platform. It is a stored XSS vulnerability where an attacker manipulates the Opendocument URL parameter due to input validation issues, with high impact on confidentiality and integrity. Exploitation would require a user to click a ...

9.3CVSS5.8AI score0.00565EPSS
CVE
CVE
added 2020/04/14 7:42 p.m.71 views

CVE-2020-6211

CVE-2020-6211 affects SAP Business Objects BI Platform AdminTools (versions 4.1 and 4.2). The vulnerability is a URL Redirection flaw caused by insufficient URL validation, enabling an attacker to redirect users to a malicious site and potentially steal credentials. Exploitation details, affected...

6.1CVSS6.2AI score0.00655EPSS
CVE
CVE
added 2020/05/12 5:50 p.m.71 views

CVE-2020-6251

Technical details about CVE-2020-6251 are not publicly available in the provided documents; no concrete affected products, versions, or remediation are specified. Monitor for updates.

6.5CVSS6.3AI score0.00782EPSS
CVE
CVE
added 2020/05/12 5:53 p.m.71 views

CVE-2020-6257

CVE-2020-6257 affects SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2. The vulnerability stems from insufficient encoding of user-controlled inputs, leading to Cross-Site Scripting. The connected documents corroborate this across multiple sources (NVD, Red Hat, CNVD...

5.4CVSS5.4AI score0.00536EPSS
CVE
CVE
added 2019/09/10 4:3 p.m.70 views

CVE-2019-0352

In SAP BusinessObjects BI Platform (pre-4.1/4.2/4.3), dynamic pages (e.g., JSP) are cached, enabling an attacker to view cached, sensitive information and access dynamic pages even after logout. The available sources describe this as an information-disclosure issue but do not provide remediation ...

7.5CVSS7.3AI score0.01082EPSS
CVE
CVE
added 2023/03/14 5:1 a.m.70 views

CVE-2023-27271

CVE-2023-27271 affects SAP BusinessObjects Business Intelligence Platform (Web Services) versions 420 and 430. The vulnerability enables an attacker to control a malicious BOE server, forcing the application server to connect to its own admintools, leading to high availability impact. The connect...

7.5CVSS6.8AI score0.0057EPSS
CVE
CVE
added 2020/04/14 6:7 p.m.69 views

CVE-2020-6221

The CVE-2020-6221 issue affects SAP Business Objects Business Intelligence Platform, specifically the Web Intelligence HTML interface, versions 4.1 and 4.2. The root cause is insufficient encoding of user-controlled inputs, leading to Cross-Site Scripting (XSS). The connected documents consistent...

5.4CVSS5.3AI score0.00648EPSS
CVE
CVE
added 2020/04/14 6:7 p.m.68 views

CVE-2020-6216

The CVE pertains to SAP Business Objects BI Platform (BI Launchpad) v4.2, where user-controlled inputs are not sufficiently encoded, causing a reflected XSS vulnerability. Root cause: insufficient input encoding in outputs. Impact is reflected XSS; exploitation details are not provided in the doc...

6.1CVSS6AI score0.00654EPSS
CVE
CVE
added 2020/04/14 6:32 p.m.67 views

CVE-2020-6231

CVE-2020-6231 affects SAP Business Objects Business Intelligence Platform — Web Intelligence HTML interface, version 4.2. The vulnerability is an XSS due to insufficient encoding of user-controlled inputs in the web interface. Root cause: input not properly encoded; impact: cross-site scripting. ...

5.4CVSS5.3AI score0.00648EPSS
CVE
CVE
added 2020/05/12 5:49 p.m.67 views

CVE-2020-6245

SAP Business Objects Business Intelligence Platform 4.2 is affected by CVE-2020-6245, where an attacker with local access can inject a file or code that the application executes due to Improper Control of Resource Identifiers. The condition allows local, low-attack-skill exploitation that can lea...

6.7CVSS6.5AI score0.00335EPSS
CVE
CVE
added 2020/05/12 5:49 p.m.67 views

CVE-2020-6247

CVE-2020-6247 affects SAP Business Objects BI Platform, version 4.2. An unauthenticated attacker can send specially crafted requests to crash or flood the Central Management Server, impacting system availability. The available connected documents corroborate the impact (availability disruption) a...

7.5CVSS7.5AI score0.01048EPSS
CVE
CVE
added 2023/01/10 3:21 a.m.67 views

CVE-2023-0018

CVE-2023-0018 concerns SAP BusinessObjects Business Intelligence Platform CMC. The vulnerability arises from improper input sanitization of user-controlled input in versions 420 and 430, enabling an attacker with basic user-level privileges to modify or upload crystal reports containing a malicio...

10CVSS6.3AI score0.00533EPSS
CVE
CVE
added 2019/10/08 7:21 p.m.65 views

CVE-2019-0374

SAP BusinessObjects BI Platform (Web Intelligence HTML interface) is affected by CVE-2019-0374. Versions prior to 4.2 and 4.3 fail to properly encode user-controlled inputs, allowing scripts to be executed in chart titles and resulting in reflected Cross-Site Scripting. Root cause: insufficient e...

5.4CVSS5.4AI score0.00733EPSS
CVE
CVE
added 2020/04/14 6:6 p.m.64 views

CVE-2020-6218

The CVE-2020-6218 entry concerns SAP Business Objects Business Intelligence Platform, with vulnerable components/areas in Admin tools and Query Builder. Affected versions are 4.1 and 4.2. The description indicates an information disclosure risk where an attacker can access information that should...

5CVSS5AI score0.00905EPSS
CVE
CVE
added 2020/05/12 5:58 p.m.64 views

CVE-2020-6242

CVE-2020-6242 affects SAP Business Objects BI Platform (Live Data Connect) and its BIPRWS app server, with vulnerability in authentication due to missing check when a specific certificate protection is not applied. Impact: attackers could log into the Central Management Console without a password...

9.8CVSS9.4AI score0.00844EPSS
CVE
CVE
added 2025/02/11 12:33 a.m.64 views

CVE-2025-0064

CVE-2025-0064 concerns the SAP BusinessObjects BI Platform, specifically the Central Management Console. Under certain conditions, an attacker with admin rights can generate or retrieve a secret passphrase, enabling impersonation of any user in the system. Reported impact targets confidentiality ...

8.7CVSS8.5AI score0.0036EPSS
CVE
CVE
added 2025/04/08 7:15 a.m.64 views

CVE-2025-31332

CVE-2025-31332 concerns insecure file permissions in SAP BusinessObjects Business Intelligence Platform. A local attacker could modify files, potentially disrupting operations or causing service downtime, leading to high impact on integrity and availability . The vulnerability does not disclose s...

7.1CVSS6.8AI score0.00134EPSS
CVE
CVE
added 2020/04/14 6:19 p.m.62 views

CVE-2020-6227

CVE-2020-6227 affects SAP Business Objects Business Intelligence Platform (CMS / Auditing) v4.2. The issue arises from improper input validation, allowing an attacker to send specially crafted GIOP packets to multiple services and forge additional entries in GLF log files. The available documents...

7.5CVSS7.4AI score0.0086EPSS
CVE
CVE
added 2024/12/10 12:11 a.m.62 views

CVE-2024-32732

CVE-2024-32732 concerns an information disclosure in SAP BusinessObjects Business Intelligence Platform. Connected sources provide concrete technical detail: the vulnerability allows an attacker to access information that should be restricted, with a low confidentiality impact and no impact on in...

5.3CVSS5.4AI score0.00309EPSS
CVE
CVE
added 2019/10/08 7:22 p.m.61 views

CVE-2019-0375

CVE-2019-0375 affects SAP BusinessObjects BI Platform (Web Intelligence HTML interface). The issue is caused by insufficient encoding of user-controlled inputs, allowing reflected Cross-Site Scripting via the export dialog box for report names in versions prior to 4.2 and 4.3. The connected docum...

5.4CVSS5.6AI score0.00733EPSS
CVE
CVE
added 2019/11/13 10:18 p.m.61 views

CVE-2019-0396

SAP BusinessObjects BI Platform Web Intelligence HTML interface is affected by CVE-2019-0396 due to insufficient validation of an XML document from untrusted sources. The issue allows an attacker to craft XML with malicious elements that bypass filtering in certain workflows. Affected versions: 4...

7.1CVSS6.8AI score0.00897EPSS
CVE
CVE
added 2019/10/08 7:25 p.m.60 views

CVE-2019-0378

Summary: CVE-2019-0378 affects SAP BusinessObjects BI Platform (Web Intelligence HTML interface) prior to version 4.2. The issue is due to insufficient encoding of user-controlled inputs, enabling an attacker to store malicious scripts in the filename of a background image, resulting in a Stored ...

5.4CVSS5.3AI score0.00526EPSS
CVE
CVE
added 2021/09/14 11:19 a.m.60 views

CVE-2021-33679

The CVE-2021-33679 entry affects SAP BusinessObjects BI Platform 420. An attacker with basic access can inject a stored script when creating a new module document, file, or folder; when other users visit the page, the script executes in their session, compromising confidentiality and integrity. N...

5.4CVSS5.5AI score0.00473EPSS
CVE
CVE
added 2024/06/11 2:20 a.m.60 views

CVE-2024-34684

CVE-2024-34684 affects SAP BusinessObjects Business Intelligence Platform (Scheduling) on Unix. An authenticated attacker with local administrator access can access the password of a local account, enabling retrieval of non-administrative credentials and allowing read/modify of remote server file...

6CVSS4.4AI score0.00143EPSS
CVE
CVE
added 2019/10/08 7:23 p.m.59 views

CVE-2019-0376

SAP BusinessObjects BI Platform (Web Intelligence HTML interface) is affected by CVE-2019-0376. Affected versions are before 4.2 and 4.3, where user input in publication names is not sufficiently encoded, enabling stored cross-site scripting: an attacker can save malicious scripts in a publicatio...

5.4CVSS5.3AI score0.00526EPSS
CVE
CVE
added 2022/09/13 3:43 p.m.59 views

CVE-2022-39014

CVE-2022-39014 affects SAP BusinessObjects BI Platform Central Management Console (CMC) 430. The issue is an information-disclosure vulnerability: under certain conditions an attacker could access unencrypted sensitive parameters that should be restricted. The public documents indicate the root c...

5.3CVSS5.2AI score0.00369EPSS
CVE
CVE
added 2020/07/14 12:30 p.m.58 views

CVE-2020-6278

CVE-2020-6278 affects SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), specifically versions 4.1 and 4.2. The root cause is a lack of proper validation of client-side data in the WEB application, enabling stored cross-site scripting. An attacker can embed malicious scri...

5.4CVSS5.3AI score0.00536EPSS
CVE
CVE
added 2024/05/14 4:0 a.m.58 views

CVE-2024-33004

CVE-2024-33004 affects SAP Business Objects Business Intelligence Platform. The issue is insecure storage: dynamic web pages are cached after logout, allowing an attacker to view cached pages and open them, with a limited impact on confidentiality, integrity and availability. The initial descript...

4.3CVSS6.6AI score0.00245EPSS
CVE
CVE
added 2023/09/12 1:58 a.m.57 views

CVE-2023-42472

CVE-2023-42472 affects SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface (v420). Root cause: insufficient file type validation during image file upload, enabling an authenticated attacker to intercept requests and modify content type/extension to read/modify sensi...

8.7CVSS7.2AI score0.00502EPSS
CVE
CVE
added 2020/04/14 6:7 p.m.56 views

CVE-2020-6223

The CVE-2020-6223 entry affects SAP Business Objects Business Intelligence Platform (versions 4.1 and 4.2). The vulnerability allows an attacker to modify certain error pages rendered by the application, enabling Content Spoofing that could misdirect users. The available connected documents reaff...

6.1CVSS6.1AI score0.00655EPSS
Total number of security vulnerabilities73