73 matches found
CVE-2022-28213
CVE-2022-28213 concerns SAP BusinessObjects BI Platform (SOAP Web services) where XML input from an untrusted source is insufficiently validated, enabling XML External Entity (XXE) style behavior. Public entries identify affected releases as SAP BusinessObjects BI Platform 4.2/4.3; the issue can ...
CVE-2020-6308
Summary (CVE-2020-6308) : SAP BusinessObjects Business Intelligence Platform (Web Services) versions 410, 420, and 430 are reported to be vulnerable to a blind Server-Side Request Forgery (SSRF). An unauthenticated attacker can inject arbitrary values into CMS parameters to perform lookups on the...
CVE-2022-27671
CVE-2022-27671 affects SAP BusinessObjects Business Intelligence Platform (SAP BI Platform). The vulnerability arises from a CSRF token visible in URLs, which may allow information disclosure. Public references in the CVE describe this cross-site request forgery vector and its potential to expose...
CVE-2019-0398
SAP BusinessObjects BI Platform Monitoring Application (versions
CVE-2022-27667
CVE-2022-27667 affects SAP BusinessObjects BI Platform, Client Management Console (CMC) in version 430, enabling information disclosure due to an underlying access-control condition under specific circumstances. Affected product/version: SAP BusinessObjects BI Platform with CMC 430. Impact: attac...
CVE-2022-28216
CVE-2022-28216 concerns SAP BusinessObjects BI Platform (BI Workspace) v420, where an unauthenticated attacker can trigger a cross-site scripting (XSS) vulnerability due to improper user-input sanitization over the network. Exploitation could allow an attacker to access certain reports, implying ...
CVE-2022-22541
Technical details beyond the SAP BusinessObjects disclosure description are not provided in the connected documents. No explicit root cause, affected components, or mitigations are listed. Monitor for updates and official advisories.
CVE-2020-6195
The CVE-2020-6195 entry applies to SAP Business Objects Business Intelligence Platform (CMC) versions 4.1 and 4.2, where the response can contain a cleartext password. The underlying issue is information disclosure via exposed credentials, which, if exploited via social engineering to obtain a pa...
CVE-2025-0061
SAP BusinessObjects Business Intelligence Platform is affected by CVE-2025-0061, an unauthenticated information-disclosure vulnerability that enables session hijacking over the network. The issue allows an attacker to access and modify all data in the application without user interaction. Impact ...
CVE-2022-29619
SAP BusinessObjects Business Intelligence Platform (4.x; v4.2.0 and v4.3.0) contains an authorization flaw where an Administrator can view, edit or modify rights of objects it does not own and that would normally be restricted. Root cause: incorrect access control for object rights, enabling priv...
CVE-2020-6189
CVE-2020-6189 affects SAP Business Objects Business Intelligence Platform (CMC) 4.2. The issue arises from certain settings pages generating error messages that can disclose enterprise private-network information that should be restricted, leading to information disclosure. The available document...
CVE-2023-0020
CVE-2023-0020 affects SAP BusinessObjects BI Platform versions 4.2 (420) and 4.3 (430). An authenticated attacker can access information that is normally restricted, resulting in high confidentiality impact and limited integrity impact as described in multiple sources. The connected reports consi...
CVE-2022-35169
SAP BusinessObjects Business Intelligence Platform (LCM) versions 420 and 430 are affected by CVE-2022-35169, where an administrator can read and decrypt the LCMBIAR file password under certain conditions. This could lead to password modification or importing the file into another system, with hi...
CVE-2019-0395
CVE-2019-0395 affects SAP BusinessObjects BI Platform (Fiori BI Launchpad) prior to 4.2. It enables a Stored Cross-Site Scripting (XSS) vulnerability by allowing JavaScript execution in a text module, due to insufficient sanitization/validation of client-side data in the web app. Impact: attacker...
CVE-2022-35228
SAP BusinessObjects Central Management Console (CMC) is affected by CVE-2022-35228. The issue allows an unauthenticated attacker to retrieve token information over the network under conditions where a legitimate user accesses the application and a local compromise (e.g., sniffing or social engine...
CVE-2020-6222
CVE-2020-6222 affects SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) versions 4.1 and 4.2. The issue is due to insufficient encoding of user-controlled inputs, causing Cross-Site Scripting (XSS). The vulnerability’s impact is described as low to medium depen...
CVE-2020-6226
SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface (v4.2) is affected by an XSS vulnerability due to insufficient encoding of user-controlled inputs. Cited sources describe the vulnerability as cross-site scripting affecting the Web Intelligence HTML interface; no...
CVE-2023-0022
CVE-2023-0022 pertains to SAP BusinessObjects BI Analysis edition for OLAP. The vulnerability is a code-injection flaw that can be exploited by an authenticated attacker over the network to inject and execute malicious code within the application, with the potential to fully compromise the system...
CVE-2020-6219
CVE-2020-6219 affects SAP Business Objects BI Platform components including CrystalReports WebForm Viewer (SAP Crystal Reports for VS 2010) and Crystal Reports Platform versions 4.1/4.2. The root cause is a deserialization of untrusted data vulnerability that an attacker with basic authorization ...
CVE-2023-24530
CVE-2023-24530 affects SAP BusinessObjects BI Platform (CMC) versions 420 and 430. An authenticated admin can upload malicious code that the application can execute over the network, potentially leading to complete compromise of the application and high impact on confidentiality, integrity, and a...
CVE-2024-28165
CVE-2024-28165 affects SAP BusinessObjects Business Intelligence Platform. It is a stored XSS vulnerability where an attacker manipulates the Opendocument URL parameter due to input validation issues, with high impact on confidentiality and integrity. Exploitation would require a user to click a ...
CVE-2020-6211
CVE-2020-6211 affects SAP Business Objects BI Platform AdminTools (versions 4.1 and 4.2). The vulnerability is a URL Redirection flaw caused by insufficient URL validation, enabling an attacker to redirect users to a malicious site and potentially steal credentials. Exploitation details, affected...
CVE-2020-6251
Technical details about CVE-2020-6251 are not publicly available in the provided documents; no concrete affected products, versions, or remediation are specified. Monitor for updates.
CVE-2020-6257
CVE-2020-6257 affects SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2. The vulnerability stems from insufficient encoding of user-controlled inputs, leading to Cross-Site Scripting. The connected documents corroborate this across multiple sources (NVD, Red Hat, CNVD...
CVE-2019-0352
In SAP BusinessObjects BI Platform (pre-4.1/4.2/4.3), dynamic pages (e.g., JSP) are cached, enabling an attacker to view cached, sensitive information and access dynamic pages even after logout. The available sources describe this as an information-disclosure issue but do not provide remediation ...
CVE-2023-27271
CVE-2023-27271 affects SAP BusinessObjects Business Intelligence Platform (Web Services) versions 420 and 430. The vulnerability enables an attacker to control a malicious BOE server, forcing the application server to connect to its own admintools, leading to high availability impact. The connect...
CVE-2020-6221
The CVE-2020-6221 issue affects SAP Business Objects Business Intelligence Platform, specifically the Web Intelligence HTML interface, versions 4.1 and 4.2. The root cause is insufficient encoding of user-controlled inputs, leading to Cross-Site Scripting (XSS). The connected documents consistent...
CVE-2020-6216
The CVE pertains to SAP Business Objects BI Platform (BI Launchpad) v4.2, where user-controlled inputs are not sufficiently encoded, causing a reflected XSS vulnerability. Root cause: insufficient input encoding in outputs. Impact is reflected XSS; exploitation details are not provided in the doc...
CVE-2020-6231
CVE-2020-6231 affects SAP Business Objects Business Intelligence Platform — Web Intelligence HTML interface, version 4.2. The vulnerability is an XSS due to insufficient encoding of user-controlled inputs in the web interface. Root cause: input not properly encoded; impact: cross-site scripting. ...
CVE-2020-6245
SAP Business Objects Business Intelligence Platform 4.2 is affected by CVE-2020-6245, where an attacker with local access can inject a file or code that the application executes due to Improper Control of Resource Identifiers. The condition allows local, low-attack-skill exploitation that can lea...
CVE-2020-6247
CVE-2020-6247 affects SAP Business Objects BI Platform, version 4.2. An unauthenticated attacker can send specially crafted requests to crash or flood the Central Management Server, impacting system availability. The available connected documents corroborate the impact (availability disruption) a...
CVE-2023-0018
CVE-2023-0018 concerns SAP BusinessObjects Business Intelligence Platform CMC. The vulnerability arises from improper input sanitization of user-controlled input in versions 420 and 430, enabling an attacker with basic user-level privileges to modify or upload crystal reports containing a malicio...
CVE-2019-0374
SAP BusinessObjects BI Platform (Web Intelligence HTML interface) is affected by CVE-2019-0374. Versions prior to 4.2 and 4.3 fail to properly encode user-controlled inputs, allowing scripts to be executed in chart titles and resulting in reflected Cross-Site Scripting. Root cause: insufficient e...
CVE-2020-6218
The CVE-2020-6218 entry concerns SAP Business Objects Business Intelligence Platform, with vulnerable components/areas in Admin tools and Query Builder. Affected versions are 4.1 and 4.2. The description indicates an information disclosure risk where an attacker can access information that should...
CVE-2020-6242
CVE-2020-6242 affects SAP Business Objects BI Platform (Live Data Connect) and its BIPRWS app server, with vulnerability in authentication due to missing check when a specific certificate protection is not applied. Impact: attackers could log into the Central Management Console without a password...
CVE-2025-0064
CVE-2025-0064 concerns the SAP BusinessObjects BI Platform, specifically the Central Management Console. Under certain conditions, an attacker with admin rights can generate or retrieve a secret passphrase, enabling impersonation of any user in the system. Reported impact targets confidentiality ...
CVE-2025-31332
CVE-2025-31332 concerns insecure file permissions in SAP BusinessObjects Business Intelligence Platform. A local attacker could modify files, potentially disrupting operations or causing service downtime, leading to high impact on integrity and availability . The vulnerability does not disclose s...
CVE-2020-6227
CVE-2020-6227 affects SAP Business Objects Business Intelligence Platform (CMS / Auditing) v4.2. The issue arises from improper input validation, allowing an attacker to send specially crafted GIOP packets to multiple services and forge additional entries in GLF log files. The available documents...
CVE-2024-32732
CVE-2024-32732 concerns an information disclosure in SAP BusinessObjects Business Intelligence Platform. Connected sources provide concrete technical detail: the vulnerability allows an attacker to access information that should be restricted, with a low confidentiality impact and no impact on in...
CVE-2019-0375
CVE-2019-0375 affects SAP BusinessObjects BI Platform (Web Intelligence HTML interface). The issue is caused by insufficient encoding of user-controlled inputs, allowing reflected Cross-Site Scripting via the export dialog box for report names in versions prior to 4.2 and 4.3. The connected docum...
CVE-2019-0396
SAP BusinessObjects BI Platform Web Intelligence HTML interface is affected by CVE-2019-0396 due to insufficient validation of an XML document from untrusted sources. The issue allows an attacker to craft XML with malicious elements that bypass filtering in certain workflows. Affected versions: 4...
CVE-2019-0378
Summary: CVE-2019-0378 affects SAP BusinessObjects BI Platform (Web Intelligence HTML interface) prior to version 4.2. The issue is due to insufficient encoding of user-controlled inputs, enabling an attacker to store malicious scripts in the filename of a background image, resulting in a Stored ...
CVE-2021-33679
The CVE-2021-33679 entry affects SAP BusinessObjects BI Platform 420. An attacker with basic access can inject a stored script when creating a new module document, file, or folder; when other users visit the page, the script executes in their session, compromising confidentiality and integrity. N...
CVE-2024-34684
CVE-2024-34684 affects SAP BusinessObjects Business Intelligence Platform (Scheduling) on Unix. An authenticated attacker with local administrator access can access the password of a local account, enabling retrieval of non-administrative credentials and allowing read/modify of remote server file...
CVE-2019-0376
SAP BusinessObjects BI Platform (Web Intelligence HTML interface) is affected by CVE-2019-0376. Affected versions are before 4.2 and 4.3, where user input in publication names is not sufficiently encoded, enabling stored cross-site scripting: an attacker can save malicious scripts in a publicatio...
CVE-2022-39014
CVE-2022-39014 affects SAP BusinessObjects BI Platform Central Management Console (CMC) 430. The issue is an information-disclosure vulnerability: under certain conditions an attacker could access unencrypted sensitive parameters that should be restricted. The public documents indicate the root c...
CVE-2020-6278
CVE-2020-6278 affects SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), specifically versions 4.1 and 4.2. The root cause is a lack of proper validation of client-side data in the WEB application, enabling stored cross-site scripting. An attacker can embed malicious scri...
CVE-2024-33004
CVE-2024-33004 affects SAP Business Objects Business Intelligence Platform. The issue is insecure storage: dynamic web pages are cached after logout, allowing an attacker to view cached pages and open them, with a limited impact on confidentiality, integrity and availability. The initial descript...
CVE-2023-42472
CVE-2023-42472 affects SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface (v420). Root cause: insufficient file type validation during image file upload, enabling an authenticated attacker to intercept requests and modify content type/extension to read/modify sensi...
CVE-2020-6223
The CVE-2020-6223 entry affects SAP Business Objects Business Intelligence Platform (versions 4.1 and 4.2). The vulnerability allows an attacker to modify certain error pages rendered by the application, enabling Content Spoofing that could misdirect users. The available connected documents reaff...