Vulnerabilities > SAP > Businessobjects Business Intelligence Platform

DATE CVE VULNERABILITY TITLE RISK
2020-05-12 CVE-2020-6251 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
6.5
2020-05-12 CVE-2020-6247 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service.
network
low complexity
sap
7.5
2020-05-12 CVE-2020-6245 Injection vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers.
local
low complexity
sap CWE-74
6.7
2020-05-12 CVE-2020-6242 Missing Authentication for Critical Function vulnerability in SAP Businessobjects Business Intelligence Platform
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.
network
low complexity
sap CWE-306
critical
9.8
2020-04-14 CVE-2020-6211 Open Redirect vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2
SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.
network
low complexity
sap CWE-601
6.1
2020-04-14 CVE-2020-6195 Insufficiently Protected Credentials vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2
SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure.
network
low complexity
sap CWE-522
critical
9.8
2020-04-14 CVE-2020-6237 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2
Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
network
low complexity
sap
7.5
2020-04-14 CVE-2020-6231 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2020-04-14 CVE-2020-6227 Improper Encoding or Escaping of Output vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing to forge additional entries in GLF log files.
network
low complexity
sap CWE-116
7.5
2020-04-14 CVE-2020-6226 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4