Businessobjects Business Intelligence Platform Security Vulnerabilities and Issues — Page 2 of Businessobjects Business Intelligence Platform CVE List

Lucene search

SapBusinessobjects Business Intelligence Platform

59 matches found

CVE•added 2021/12/14 4:15 p.m.•38 views

CVE-2021-42061

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modi...

5.4CVSS5.1AI score0.0037EPSS

CVE•added 2018/10/09 1:29 p.m.•37 views

CVE-2018-2471

Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted.

7.5CVSS7.3AI score0.00386EPSS

CVE•added 2018/03/14 7:29 p.m.•36 views

CVE-2018-2397

In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.

5.4CVSS5.5AI score0.00169EPSS

CVE•added 2020/12/09 5:15 p.m.•36 views

CVE-2020-26831

SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosu...

9.6CVSS9.3AI score0.00615EPSS

CVE•added 2020/06/10 1:15 p.m.•35 views

CVE-2020-6269

Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

6.5CVSS6.3AI score0.00223EPSS

CVE•added 2020/07/14 1:15 p.m.•35 views

CVE-2020-6276

SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.

6.1CVSS6.1AI score0.00166EPSS

CVE•added 2020/09/09 1:15 p.m.•35 views

CVE-2020-6288

SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker...

5.3CVSS5.2AI score0.00218EPSS

CVE•added 2020/08/12 2:15 p.m.•35 views

CVE-2020-6294

Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.

9.1CVSS9.3AI score0.00436EPSS

CVE•added 2020/09/09 1:15 p.m.•32 views

CVE-2020-6312

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties, can modify how a browser processes particular page elements, leading to stored Cross Site S...

5.4CVSS5.3AI score0.00343EPSS

Total number of security vulnerabilities59