BusinessObjects Enterprise XI

CVEs (9)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2010-0219	Apache Axis2	0.10	—	0.93	Oct 18, 2010	Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web…
CVE-2022-28214	SAP BusinessObjects Enterprise XI	0.00	—	0.00	May 11, 2022	During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and…
CVE-2015-7730	SAP Businessobjects	0.00	—	0.02	Oct 15, 2015	SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.
CVE-2014-8309	SAP Businessobjects	0.00	—	0.00	Oct 16, 2014	SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise…
CVE-2010-3983	SAP Businessobjects	0.00	—	0.00	Oct 18, 2010	CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property.
CVE-2010-3982	SAP Businessobjects	0.00	—	0.00	Oct 18, 2010	SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an…
CVE-2010-3981	SAP Businessobjects	0.00	—	0.00	Oct 18, 2010	Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page.
CVE-2010-3980	SAP Businessobjects	0.00	—	0.00	Oct 18, 2010	Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI.
CVE-2010-3979	SAP Businessobjects	0.00	—	0.00	Oct 18, 2010	Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI.

CVE-2010-0219Oct 18, 2010
Apache
Axis2
risk 0.10cvss —epss 0.93
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web…
CVE-2022-28214May 11, 2022
SAP
BusinessObjects Enterprise XI
risk 0.00cvss —epss 0.00
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and…
CVE-2015-7730Oct 15, 2015
SAP
Businessobjects
risk 0.00cvss —epss 0.02
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.
CVE-2014-8309Oct 16, 2014
SAP
Businessobjects
risk 0.00cvss —epss 0.00
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise…
CVE-2010-3983Oct 18, 2010
SAP
Businessobjects
risk 0.00cvss —epss 0.00
CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property.
CVE-2010-3982Oct 18, 2010
SAP
Businessobjects
risk 0.00cvss —epss 0.00
SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an…
CVE-2010-3981Oct 18, 2010
SAP
Businessobjects
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page.
CVE-2010-3980Oct 18, 2010
SAP
Businessobjects
risk 0.00cvss —epss 0.00
Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI.
CVE-2010-3979Oct 18, 2010
SAP
Businessobjects
risk 0.00cvss —epss 0.00
Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI.