VYPR

BusinessObjects Platform

by SAP

CVEs (6)

  • CVE-2022-41267CriDec 13, 2022
    risk 0.64cvss 9.9epss 0.01

    SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on…

  • CVE-2020-26831CriDec 9, 2020
    risk 0.62cvss 9.6epss 0.01

    SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to…

  • CVE-2022-41203HigNov 8, 2022
    risk 0.57cvss 8.8epss 0.01

    In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to…

  • CVE-2021-21444MedFeb 9, 2021
    risk 0.40cvss 6.1epss 0.01

    SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking…

  • CVE-2021-33679MedSep 14, 2021
    risk 0.35cvss 5.4epss 0.00

    The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in…

  • CVE-2023-28764LowMay 9, 2023
    risk 0.24cvss 3.7epss 0.01

    SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and…