SAP Businessobjects vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2023-09-12 | CVE-2023-40623 | Unspecified vulnerability in SAP Businessobjects 420/430 | 7.1
SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files.
Attack vector: network; Complexity: low; Vendor: sap

2023-05-09 | CVE-2023-28764 | Insufficiently Protected Credentials vulnerability in SAP Businessobjects 4.20/4.30 | 5.9
SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network.
Attack vector: network; Complexity: high; Vendor: sap; CWE: CWE-522

2022-05-11 | CVE-2022-28214 | Cleartext Storage of Sensitive Information vulnerability in SAP products | 4.6
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs.
Attack vector: local; Complexity: low; Vendor: sap; CWE: CWE-312

2019-06-14 | CVE-2019-0303 | Cross-site Scripting vulnerability in SAP Businessobjects 4.2/4.3 | 4.3
SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitization.
Attack vector: network; Vendor: sap; CWE: CWE-79

2019-05-14 | CVE-2019-0289 | Unspecified vulnerability in SAP Businessobjects 4.2/4.3 | 5.8
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
Attack vector: network; Vendor: sap

2019-05-14 | CVE-2019-0287 | Unspecified vulnerability in SAP Businessobjects 4.2/4.3 | 6.8
Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
Attack vector: network; Vendor: sap

2019-02-15 | CVE-2019-0259 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects 4.2/4.3 | 7.5
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.
Attack vector: network; Complexity: low; Vendor: sap; CWE: CWE-434

2019-02-15 | CVE-2019-0251 | Cross-site Scripting vulnerability in SAP Businessobjects 4.2/4.3 | 4.3
The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
Attack vector: network; Vendor: sap; CWE: CWE-79

2018-04-10 | CVE-2018-2408 | Session Fixation vulnerability in SAP Businessobjects | 7.5
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad.
Attack vector: network; Complexity: low; Vendor: sap; CWE: CWE-384

2017-12-12 | CVE-2017-16683 | Unspecified vulnerability in SAP Businessobjects 4.10/4.20 | 4.0
Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service.
Attack vector: network; Complexity: low; Vendor: sap