Vulnerabilities > SAP > Businessobjects Business Intelligence Platform > 4.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-09 | CVE-2020-26831 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3 SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS). | 9.6 |
| 2020-10-20 | CVE-2020-6308 | Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3 SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. | 5.3 |
| 2020-09-09 | CVE-2020-6312 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties, can modify how a browser processes particular page elements, leading to stored Cross Site Scripting. | 5.4 |
| 2020-09-09 | CVE-2020-6288 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. | 5.3 |
| 2020-07-14 | CVE-2020-6278 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows to an attacker to embed malicious scripts in the application while uploading images, which gets executed when the victim opens these files, leading to Stored Cross Site Scripting | 5.4 |
| 2020-04-14 | CVE-2020-6211 | Open Redirect vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. | 6.1 |
| 2020-04-14 | CVE-2020-6195 | Insufficiently Protected Credentials vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. | 9.8 |
| 2020-04-14 | CVE-2020-6237 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | 7.5 |
| 2020-04-14 | CVE-2020-6223 | Open Redirect vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. | 6.1 |
| 2020-04-14 | CVE-2020-6222 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |