Vulnerabilities > SAP > Business Objects Business Intelligence Platform

DATE CVE VULNERABILITY TITLE RISK
2022-12-12 CVE-2022-41263 Cross-Site Request Forgery (CSRF) vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted.
network
low complexity
sap CWE-352
4.3
2022-12-12 CVE-2022-31596 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 430
Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted.
network
low complexity
sap
6.0
2022-10-11 CVE-2022-39013 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Under certain conditions an authenticated attacker can get access to OS credentials.
network
low complexity
sap
7.6
2022-10-11 CVE-2022-39015 Exposure of Resource to Wrong Sphere vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap CWE-668
6.5
2022-07-12 CVE-2022-31598 Insufficient Verification of Data Authenticity vulnerability in SAP Business Objects Business Intelligence Platform 420
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation.
network
low complexity
sap CWE-345
5.4
2022-07-12 CVE-2022-32246 SQL Injection vulnerability in SAP Business Objects Business Intelligence Platform 420/430
SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend.
network
low complexity
sap CWE-89
4.6
2022-06-06 CVE-2020-6220 Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 4.1/4.2
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
high complexity
sap CWE-79
4.7
2022-03-10 CVE-2022-24398 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.
network
low complexity
sap
6.5