Vulnerabilities > SAP > Businessobjects Business Intelligence Platform > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-14 | CVE-2023-24530 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. | 9.1 |
2020-12-09 | CVE-2020-26831 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3 SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS). | 9.6 |
2020-08-12 | CVE-2020-6294 | Missing Authentication for Critical Function vulnerability in SAP Businessobjects Business Intelligence Platform 4.2/4.3 Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity. | 9.1 |
2020-05-12 | CVE-2020-6242 | Missing Authentication for Critical Function vulnerability in SAP Businessobjects Business Intelligence Platform SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check. | 9.8 |
2020-04-14 | CVE-2020-6195 | Insufficiently Protected Credentials vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. | 9.8 |