Vulnerabilities > SAP > Businessobjects Business Intelligence Platform > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-12 CVE-2023-42472 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 420
Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network.
network
low complexity
sap CWE-434
7.3
2023-03-14 CVE-2023-27271 Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability.
network
low complexity
sap CWE-918
7.5
2023-02-14 CVE-2023-0020 Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted.
network
low complexity
sap CWE-200
7.1
2023-01-10 CVE-2023-0022 Code Injection vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network.
network
low complexity
sap CWE-94
8.8
2022-07-12 CVE-2022-35228 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted.
network
low complexity
sap
8.8
2022-04-12 CVE-2022-27667 Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 430
Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
network
low complexity
sap CWE-200
7.5
2022-04-12 CVE-2022-28213 Missing XML Validation vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS.
network
low complexity
sap CWE-112
8.1
2021-10-12 CVE-2021-40500 XXE vulnerability in SAP Businessobjects Business Intelligence Platform 4.20/4.30
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data.
network
low complexity
sap CWE-611
7.5
2020-05-12 CVE-2020-6247 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service.
network
low complexity
sap
7.5
2020-04-14 CVE-2020-6237 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2
Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
network
low complexity
sap
7.5