Vulnerabilities > SAP > Business Objects Business Intelligence Platform > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-12 | CVE-2023-42478 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430 SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application. | 7.6 |
2023-03-14 | CVE-2023-25616 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430 In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges. | 8.8 |
2023-03-14 | CVE-2023-25617 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430 SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK. | 8.8 |
2022-12-13 | CVE-2022-41267 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 420/430 SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrity, and availability of the application. | 8.8 |
2022-10-11 | CVE-2022-39013 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430 Under certain conditions an authenticated attacker can get access to OS credentials. | 7.6 |