VYPR

Sap Businessobjects Business Intelligence Platform (central Management Console)

by SAP

CVEs (7)

  • CVE-2018-2432MedJul 10, 2018
    risk 0.35cvss 5.4epss 0.01

    SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced…

  • CVE-2026-24325Feb 10, 2026
    risk 0.00cvss epss 0.00

    SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the…

  • CVE-2025-0064Feb 11, 2025
    risk 0.00cvss epss 0.00

    Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high…

  • CVE-2023-0018Jan 10, 2023
    risk 0.00cvss epss 0.01

    Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. Once these…

  • CVE-2020-6300Aug 12, 2020
    risk 0.00cvss epss 0.01

    SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode…

  • CVE-2020-6195Apr 14, 2020
    risk 0.00cvss epss 0.01

    SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative…

  • CVE-2019-0268Mar 12, 2019
    risk 0.00cvss epss 0.02

    SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source.