Vulnerabilities > SAP > Businessobjects Business Intelligence Platform > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-02-14 CVE-2023-24530 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network.
network
low complexity
sap CWE-434
critical
9.1
2020-08-12 CVE-2020-6294 Missing Authentication for Critical Function vulnerability in SAP Businessobjects Business Intelligence Platform 4.2/4.3
Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.
network
low complexity
sap CWE-306
critical
9.1
2020-05-12 CVE-2020-6242 Missing Authentication for Critical Function vulnerability in SAP Businessobjects Business Intelligence Platform
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.
network
low complexity
sap CWE-306
critical
9.8