VYPR

BusinessObjects Business Intelligence

by SAP

CVEs (11)

  • CVE-2023-42476 - Dec 12, 2023
    risk 0.00 | cvss | epss 0.00

    SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to…

  • CVE-2023-42474 - Oct 10, 2023
    risk 0.00 | cvss | epss 0.00

    SAP BusinessObjects Web Intelligence - version 420, has a URL with a parameter that could be vulnerable to an XSS attack. The attacker could send a malicious link to a user that would possibly allow the attacker to retrieve sensitive information.

  • CVE-2023-39440 - Aug 8, 2023
    risk 0.00 | cvss | epss 0.00

    In SAP BusinessObjects Business Intelligence - version 420, if a user logs in to a particular program, under certain specific conditions memory might not be cleared properly, which might allow an attacker to get access to user credentials. For a successful attack, the…

  • CVE-2023-23856 - Feb 14, 2023
    risk 0.00 | cvss | epss 0.00

    In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return JSON with the wrong content type in the response header. As a result, a custom application that directly calls the JSP of Web Intelligence DHTML may be vulnerable…

  • CVE-2022-22546 - Feb 9, 2022
    risk 0.00 | cvss | epss 0.00

    Due to improper HTML encoding in the input control summary, an authorized attacker can exploit an XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) - version 420.

  • CVE-2018-2446 - Aug 14, 2018
    risk 0.00 | cvss | epss 0.01

    Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.

  • CVE-2018-2445 - Aug 14, 2018
    risk 0.00 | cvss | epss 0.00

    AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.

  • CVE-2018-2442 - Aug 14, 2018
    risk 0.00 | cvss | epss 0.00

    In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in an HTML page while the user session is still valid.

  • CVE-2018-2427 - Jul 10, 2018
    risk 0.00 | cvss | epss 0.01

    SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the…

  • CVE-2018-2432 - Jul 10, 2018
    risk 0.00 | cvss | epss 0.00

    SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced…

  • CVE-2018-2431 - Jul 10, 2018
    risk 0.00 | cvss | epss 0.00

    SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.