Businessobjects Business Intelligence Platform Security Vulnerabilities and Issues — Businessobjects Business Intelligence Platform CVE List

Lucene search

SapBusinessobjects Business Intelligence Platform

10 matches found

CVE•added 2019/12/11 10:15 p.m.•80 views

CVE-2019-0398

Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.

8.8CVSS8.5AI score0.00168EPSS

CVE•added 2019/12/11 10:15 p.m.•63 views

CVE-2019-0395

SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability.

5.4CVSS5.4AI score0.00496EPSS

CVE•added 2019/09/10 5:15 p.m.•57 views

CVE-2019-0352

In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout.

7.5CVSS7.3AI score0.00281EPSS

CVE•added 2019/10/08 8:15 p.m.•49 views

CVE-2019-0374

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting

5.4CVSS5.4AI score0.00462EPSS

CVE•added 2019/10/08 8:15 p.m.•48 views

CVE-2019-0378

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting.

5.4CVSS5.3AI score0.00298EPSS

CVE•added 2019/11/13 11:15 p.m.•47 views

CVE-2019-0396

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly filt...

7.1CVSS6.8AI score0.00425EPSS

CVE•added 2019/10/08 8:15 p.m.•46 views

CVE-2019-0375

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting.

5.4CVSS5.6AI score0.00462EPSS

CVE•added 2019/10/08 8:15 p.m.•45 views

CVE-2019-0376

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in St...

5.4CVSS5.3AI score0.00298EPSS

CVE•added 2019/11/13 10:15 p.m.•42 views

CVE-2019-0382

A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. Privileges are required in order to exploit this vulnerability.

5.4CVSS5.3AI score0.0035EPSS

CVE•added 2019/10/08 8:15 p.m.•41 views

CVE-2019-0377

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting.

5.4CVSS5.3AI score0.00298EPSS