5 matches found
CVE-2022-22546
SAP Business Objects Web Intelligence (BI Launchpad) 420 is affected by CVE-2022-22546 due to improper HTML encoding in input control summary, enabling an authorized attacker to perform cross-site scripting (XSS). CVSSv3.1 base score 5.4 (MEDIUM). Exploitation details are not elaborated beyond th...
CVE-2021-33667
CVE-2021-33667 affects SAP Business Objects Web Intelligence (BI Launchpad) versions 420 and 430. Affected component is the frontend Analytical Reporting bundle accessed via SDK calls, where an attacker could access JSP source code that would normally be restricted, resulting in information discl...
CVE-2023-42474
Affected product and vulnerability. SAP BusinessObjects Web Intelligence 420 is affected by a cross-site scripting (XSS) vulnerability in a URL parameter, arising from insufficient filtering/escaping of user-supplied data. This could allow an attacker to exfiltrate or view sensitive information b...
CVE-2023-42476
SAP Business Objects Web Intelligence 420 is affected by an authenticated JavaScript injection (XSS) vulnerability in Web Intelligence documents. The issue allows an attacker to inject code that runs in a user’s browser when the vulnerable page is visited, potentially exposing data from reporting...
CVE-2024-25646
CVE-2024-25646 affects SAP BusinessObjects Business Intelligence Launch Pad. Due to improper validation, an authenticated attacker can access operating system information using a crafted document, with high confidentiality impact reported. Several sources (NVD, Red Hat, CNNVD, Nessus plugin 34213...