BusinessObjects Business Intelligence Platform (Web Intelligence)
by SAP
CVEs (118)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-32732 | 0.00 | — | 0.00 | Dec 10, 2024 | Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted. This has low impact on Confidentiality with no impact on Integrity and Availability of the application. |
| CVE-2024-37179 | 0.00 | — | 0.00 | Oct 8, 2024 | SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application. |
| CVE-2024-45281 | 0.00 | — | 0.00 | Sep 10, 2024 | SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL… |
| CVE-2024-41731 | 0.00 | — | 0.00 | Aug 13, 2024 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. |
| CVE-2024-28166 | 0.00 | — | 0.00 | Aug 13, 2024 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. |
| CVE-2024-42375 | 0.00 | — | 0.00 | Aug 13, 2024 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. |
| CVE-2024-34684 | 0.00 | — | 0.00 | Jun 11, 2024 | On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will… |
| CVE-2024-33004 | 0.00 | — | 0.00 | May 14, 2024 | SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited… |
| CVE-2024-28165 | 0.00 | — | 0.01 | May 14, 2024 | SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the application |
| CVE-2024-25646 | 0.00 | — | 0.00 | Apr 9, 2024 | Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application. |
| CVE-2023-42478 | 0.00 | — | 0.01 | Dec 12, 2023 | SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application. |
| CVE-2023-42476 | 0.00 | — | 0.01 | Dec 12, 2023 | SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to… |
| CVE-2023-42474 | 0.00 | — | 0.00 | Oct 10, 2023 | SAP BusinessObjects Web Intelligence - version 420, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information. |
| CVE-2023-42472 | 0.00 | — | 0.01 | Sep 12, 2023 | Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network. When uploading the image file, an… |
| CVE-2023-39440 | 0.00 | — | 0.00 | Aug 8, 2023 | In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker might be able to get access to user credentials. For a successful attack, the… |
| CVE-2023-36917 | 0.00 | — | 0.00 | Jul 11, 2023 | SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality. Although… |
| CVE-2023-31406 | 0.00 | — | 0.00 | May 9, 2023 | Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information… |
| CVE-2023-31404 | 0.00 | — | 0.00 | May 9, 2023 | Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of… |
| CVE-2023-30741 | 0.00 | — | 0.00 | May 9, 2023 | Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information… |
| CVE-2023-30740 | 0.00 | — | 0.00 | May 9, 2023 | SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality, limited impact on integrity and… |