Vulnerabilities > SAP > Businessobjects Business Intelligence Platform

DATE CVE VULNERABILITY TITLE RISK
2024-06-11 CVE-2024-34684 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430/440
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account.
local
low complexity
sap
6.0
2023-09-12 CVE-2023-42472 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 420
Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network.
network
low complexity
sap CWE-434
7.3
2023-03-14 CVE-2023-27271 Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability.
network
low complexity
sap CWE-918
7.5
2023-02-14 CVE-2023-0020 Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted.
network
low complexity
sap CWE-200
7.1
2023-02-14 CVE-2023-24530 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network.
network
low complexity
sap CWE-434
critical
9.1
2023-01-10 CVE-2023-0018 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload.
network
low complexity
sap CWE-79
6.1
2023-01-10 CVE-2023-0022 Code Injection vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network.
network
low complexity
sap CWE-94
8.8
2022-09-13 CVE-2022-39014 Missing Encryption of Sensitive Data vulnerability in SAP Businessobjects Business Intelligence Platform 430
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.
network
low complexity
sap CWE-311
5.3
2022-07-12 CVE-2022-29619 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted.
network
low complexity
sap
6.5
2022-07-12 CVE-2022-35169 Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application.
network
low complexity
sap CWE-200
6.0