Vulnerabilities > SAP > Business Objects Business Intelligence Platform
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-12 | CVE-2022-41263 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Business Objects Business Intelligence Platform 420/430. Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. | 4.3 |
2022-12-12 | CVE-2022-31596 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 430. Under certain conditions, an attacker authenticated as a CMS administrator and with high-privilege access to the network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access the BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. | 6.0 |
2022-10-11 | CVE-2022-39013 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430. Under certain conditions an authenticated attacker can get access to OS credentials. | 7.6 |
2022-10-11 | CVE-2022-39015 | Exposure of Resource to Wrong Sphere vulnerability in SAP Business Objects Business Intelligence Platform 420/430. Under certain conditions, BOE AdminTools/BOE SDK allows an attacker to access information which would otherwise be restricted. | 6.5 |
2022-07-12 | CVE-2022-31598 | Insufficient Verification of Data Authenticity vulnerability in SAP Business Objects Business Intelligence Platform 420. Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. | 5.4 |
2022-07-12 | CVE-2022-32246 | SQL Injection vulnerability in SAP Business Objects Business Intelligence Platform 420/430. SAP Business Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to the BI admin console to send crafted queries and extract data from the SQL backend. | 4.6 |
2022-06-06 | CVE-2020-6220 | Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 4.1/4.2. BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | 4.7 |
2022-03-10 | CVE-2022-24398 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430. Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. | 6.5 |