Vulnerabilities > SAP > Businessobjects
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-12 | CVE-2023-40623 | Unspecified vulnerability in SAP Businessobjects 420/430 SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. | 7.1 |
2023-05-09 | CVE-2023-28764 | Insufficiently Protected Credentials vulnerability in SAP Businessobjects 4.20/4.30 SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. | 5.9 |
2022-05-11 | CVE-2022-28214 | Cleartext Storage of Sensitive Information vulnerability in SAP products During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. | 7.8 |
2019-06-14 | CVE-2019-0303 | Cross-site Scripting vulnerability in SAP Businessobjects 4.2/4.3 SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. | 6.1 |
2019-05-14 | CVE-2019-0289 | Unspecified vulnerability in SAP Businessobjects 4.2/4.3 Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | 7.1 |
2019-05-14 | CVE-2019-0287 | Unspecified vulnerability in SAP Businessobjects 4.2/4.3 Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | 7.6 |
2019-02-15 | CVE-2019-0259 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects 4.2/4.3 SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. | 9.8 |
2019-02-15 | CVE-2019-0251 | Cross-site Scripting vulnerability in SAP Businessobjects 4.2/4.3 The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2018-04-10 | CVE-2018-2408 | Session Fixation vulnerability in SAP Businessobjects Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. | 7.3 |
2017-12-12 | CVE-2017-16683 | Unspecified vulnerability in SAP Businessobjects 4.10/4.20 Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service. | 6.5 |