Businessobjects
Sign in to watchby SAP
CVEs (14)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-16683 | Med | 0.42 | 6.5 | 0.01 | Dec 12, 2017 | Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service. | |
| CVE-2010-0219 | 0.10 | — | 0.93 | Oct 18, 2010 | Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. | ||
| CVE-2007-6254 | 0.03 | — | 0.32 | Mar 20, 2008 | Stack-based buffer overflow in the SAP Business Objects BusinessObjects RptViewerAX ActiveX control in RptViewerAX.dll in Business Objects 6.5 before CHF74 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2014-9387 | 0.00 | — | 0.06 | Dec 17, 2014 | SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. | ||
| CVE-2014-8311 | 0.00 | — | 0.00 | Oct 16, 2014 | SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. | ||
| CVE-2014-8310 | 0.00 | — | 0.03 | Oct 16, 2014 | The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. | ||
| CVE-2014-8309 | 0.00 | — | 0.00 | Oct 16, 2014 | SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service. | ||
| CVE-2014-8308 | 0.00 | — | 0.00 | Oct 16, 2014 | Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2014-3134 | 0.00 | — | 0.00 | Apr 30, 2014 | Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2010-3983 | 0.00 | — | 0.00 | Oct 18, 2010 | CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property. | ||
| CVE-2010-3982 | 0.00 | — | 0.00 | Oct 18, 2010 | SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue. | ||
| CVE-2010-3981 | 0.00 | — | 0.00 | Oct 18, 2010 | Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page. | ||
| CVE-2010-3980 | 0.00 | — | 0.00 | Oct 18, 2010 | Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI. | ||
| CVE-2010-3979 | 0.00 | — | 0.00 | Oct 18, 2010 | Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI. |