Vulnerabilities > SAP > Businessobjects

DATE CVE VULNERABILITY TITLE RISK
2023-09-12 CVE-2023-40623 Unspecified vulnerability in SAP Businessobjects 420/430
SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files.
network
low complexity
sap
7.1
2023-05-09 CVE-2023-28764 Insufficiently Protected Credentials vulnerability in SAP Businessobjects 4.20/4.30
SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network.
network
high complexity
sap CWE-522
5.9
2022-05-11 CVE-2022-28214 Cleartext Storage of Sensitive Information vulnerability in SAP products
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs.
local
low complexity
sap CWE-312
7.8
2019-06-14 CVE-2019-0303 Cross-site Scripting vulnerability in SAP Businessobjects 4.2/4.3
SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation.
network
low complexity
sap CWE-79
6.1
2019-05-14 CVE-2019-0289 Unspecified vulnerability in SAP Businessobjects 4.2/4.3
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
7.1
2019-05-14 CVE-2019-0287 Unspecified vulnerability in SAP Businessobjects 4.2/4.3
Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
7.6
2019-02-15 CVE-2019-0259 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects 4.2/4.3
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.
network
low complexity
sap CWE-434
critical
9.8
2019-02-15 CVE-2019-0251 Cross-site Scripting vulnerability in SAP Businessobjects 4.2/4.3
The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-04-10 CVE-2018-2408 Session Fixation vulnerability in SAP Businessobjects
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad.
network
low complexity
sap CWE-384
7.3
2017-12-12 CVE-2017-16683 Unspecified vulnerability in SAP Businessobjects 4.10/4.20
Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service.
network
low complexity
sap
6.5