Vulnerabilities > SAP > Business Objects Business Intelligence Platform > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-28166 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 430/440/Enterprise420 SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. | 4.3 |
| 2024-08-13 | CVE-2024-41731 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 430/440/Enterprise420 SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. | 4.3 |
| 2024-08-13 | CVE-2024-42375 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 420/430/440 SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. | 4.3 |
| 2023-02-14 | CVE-2023-23856 | Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 430 In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. | 5.4 |
| 2023-01-10 | CVE-2023-0015 | Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 420 In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. | 5.4 |
| 2022-12-12 | CVE-2022-41263 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Business Objects Business Intelligence Platform 420/430 Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. | 4.3 |
| 2022-12-12 | CVE-2022-31596 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 430 Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. | 6.0 |
| 2022-10-11 | CVE-2022-39015 | Exposure of Resource to Wrong Sphere vulnerability in SAP Business Objects Business Intelligence Platform 420/430 Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. | 6.5 |
| 2022-07-12 | CVE-2022-31598 | Insufficient Verification of Data Authenticity vulnerability in SAP Business Objects Business Intelligence Platform 420 Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. | 5.4 |
| 2022-07-12 | CVE-2022-32246 | SQL Injection vulnerability in SAP Business Objects Business Intelligence Platform 420/430 SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. | 4.6 |