SAP BusinessObjects Business Intelligence Platform (Central Management Console)
by SAP
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-2432 | | Med | 0.35 | 5.4 | 0.01 | | Jul 10, 2018 | SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced… |
| CVE-2026-24325 | | | 0.00 | — | 0.00 | | Feb 10, 2026 | SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the… |
| CVE-2025-0064 | | | 0.00 | — | 0.00 | | Feb 11, 2025 | Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high… |
| CVE-2023-0018 | | | 0.00 | — | 0.01 | | Jan 10, 2023 | Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. Once these… |
| CVE-2020-6300 | | | 0.00 | — | 0.01 | | Aug 12, 2020 | SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode… |
| CVE-2020-6195 | | | 0.00 | — | 0.01 | | Apr 14, 2020 | SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative… |
| CVE-2019-0268 | | | 0.00 | — | 0.02 | | Mar 12, 2019 | SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source. |