Vulnerabilities > SAP > Businessobjects Business Intelligence Platform

DATE CVE VULNERABILITY TITLE RISK
2022-07-12 CVE-2022-35228 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted.
network
low complexity
sap
8.8
2022-04-12 CVE-2022-22541 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections.
network
low complexity
sap
6.5
2022-04-12 CVE-2022-27667 Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 430
Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
network
low complexity
sap CWE-200
7.5
2022-04-12 CVE-2022-27671 Information Exposure Through Sent Data vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.
network
low complexity
sap CWE-201
6.5
2022-04-12 CVE-2022-28213 Missing XML Validation vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS.
network
low complexity
sap CWE-112
8.1
2022-04-12 CVE-2022-28216 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420
SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network.
network
low complexity
sap CWE-79
6.1
2021-12-14 CVE-2021-42061 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420
SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2021-10-12 CVE-2021-40500 XXE vulnerability in SAP Businessobjects Business Intelligence Platform 4.20/4.30
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data.
network
low complexity
sap CWE-611
7.5
2021-09-14 CVE-2021-33679 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420
The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder.
network
low complexity
sap CWE-79
5.4
2020-12-09 CVE-2020-26831 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3
SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS).
network
low complexity
sap
critical
9.6