Vulnerabilities > SAP > Businessobjects Business Intelligence
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-08 | CVE-2024-37179 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence 2025/420/430 SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application. | 6.5 |
| 2023-09-12 | CVE-2023-40622 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. | 9.9 |
| 2023-09-12 | CVE-2023-37489 | Information Exposure Through an Error Message vulnerability in SAP Businessobjects Business Intelligence 430 Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity. | 5.3 |
| 2023-08-08 | CVE-2023-37490 | Uncontrolled Search Path Element vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. | 9.0 |
| 2023-08-08 | CVE-2023-39440 | Cleartext Storage of Sensitive Information vulnerability in SAP Businessobjects Business Intelligence 420 In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker might be able to get access to user credentials. | 4.4 |
| 2023-07-11 | CVE-2023-36917 | Improper Restriction of Excessive Authentication Attempts vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality. | 7.5 |
| 2023-05-09 | CVE-2023-30740 | Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. | 7.6 |
| 2023-05-09 | CVE-2023-30741 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 420/430 Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. | 6.1 |
| 2023-05-09 | CVE-2023-31404 | Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420/430 Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. | 5.0 |
| 2023-05-09 | CVE-2023-31406 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 420/430 Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. | 6.1 |