Vulnerabilities > SAP > Business Objects Business Intelligence Platform

DATE CVE VULNERABILITY TITLE RISK
2022-12-12 CVE-2022-41263 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted.
network
low complexity
sap
4.3
2022-12-12 CVE-2022-31596 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 430
Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted.
network
low complexity
sap
6.0
2022-10-11 CVE-2022-39013 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Under certain conditions an authenticated attacker can get access to OS credentials.
network
low complexity
sap
7.6
2022-10-11 CVE-2022-39015 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
6.5
2022-07-12 CVE-2022-31598 Insufficient Verification of Data Authenticity vulnerability in SAP Business Objects Business Intelligence Platform 420
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation.
network
low complexity
sap CWE-345
5.4
2022-07-12 CVE-2022-32246 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend.
network
low complexity
sap
4.6
2022-06-06 CVE-2020-6220 Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 4.1/4.2
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
high complexity
sap CWE-79
4.7
2022-03-10 CVE-2022-24398 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.
network
low complexity
sap
6.5