Vulnerabilities > SAP > Business Objects Business Intelligence Platform

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2024-28166 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 430/440/Enterprise420
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application.
network
low complexity
sap CWE-434
4.3
2024-08-13 CVE-2024-41730 Missing Authorization vulnerability in SAP Business Objects Business Intelligence Platform Enterprise430/Enterprise440
In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint.
network
low complexity
sap CWE-862
critical
9.8
2024-08-13 CVE-2024-41731 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 430/440/Enterprise420
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application.
network
low complexity
sap CWE-434
4.3
2024-08-13 CVE-2024-42375 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 420/430/440
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application.
network
low complexity
sap CWE-434
4.3
2023-12-12 CVE-2023-42478 Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 420/430
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.
network
low complexity
sap CWE-79
7.6
2023-03-14 CVE-2023-25616 Injection vulnerability in SAP Business Objects Business Intelligence Platform 420/430
In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges.
network
low complexity
sap CWE-74
8.8
2023-03-14 CVE-2023-25617 OS Command Injection vulnerability in SAP Business Objects Business Intelligence Platform 420/430
SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK.
network
low complexity
sap CWE-78
8.8
2023-02-14 CVE-2023-23856 Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 430
In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response.
network
low complexity
sap CWE-79
5.4
2023-01-10 CVE-2023-0015 Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 420
In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response.
network
low complexity
sap CWE-79
5.4
2022-12-13 CVE-2022-41267 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 420/430
SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrity, and availability of the application.
network
low complexity
sap CWE-434
8.8