Vulnerabilities > SAP > Business Objects Business Intelligence Platform > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2024-28166 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 430/440/Enterprise420
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network that could be executed by the application.
network
low complexity
sap CWE-434
4.3
2024-08-13 CVE-2024-41731 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 430/440/Enterprise420
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network that could be executed by the application.
network
low complexity
sap CWE-434
4.3
2024-08-13 CVE-2024-42375 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 420/430/440
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network that could be executed by the application.
network
low complexity
sap CWE-434
4.3
2023-02-14 CVE-2023-23856 Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 430
In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return JSON with the wrong content type in the response header.
network
low complexity
sap CWE-79
5.4
2023-01-10 CVE-2023-0015 Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 420
In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return JSON with the wrong content type in the response header.
network
low complexity
sap CWE-79
5.4
2022-12-12 CVE-2022-41263 Cross-Site Request Forgery (CSRF) vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430 - allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted.
network
low complexity
sap CWE-352
4.3
2022-12-12 CVE-2022-31596 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 430
Under certain conditions, an attacker authenticated as a CMS administrator and with high-privilege access to the network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430 - can access the BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted.
network
low complexity
sap
6.0
2022-10-11 CVE-2022-39015 Exposure of Resource to Wrong Sphere vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Under certain conditions, BOE AdminTools/BOE SDK allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap CWE-668
6.5
2022-07-12 CVE-2022-31598 Insufficient Verification of Data Authenticity vulnerability in SAP Business Objects Business Intelligence Platform 420
Due to insufficient input validation, SAP Business Objects - version 420 - allows an authenticated attacker to submit a malicious request through an allowed operation.
network
low complexity
sap CWE-345
5.4
2022-07-12 CVE-2022-32246 SQL Injection vulnerability in SAP Business Objects Business Intelligence Platform 420/430
SAP Business Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430 - allows an authenticated attacker who has access to the BI admin console to send crafted queries and extract data from the SQL backend.
network
low complexity
sap CWE-89
4.6