Vulnerabilities > SAP > Businessobjects Business Intelligence Platform > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-09-12 | CVE-2023-42472 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 420 | Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network. | 7.3 |
2023-03-14 | CVE-2023-27271 | Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 | In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability. | 7.5 |
2023-02-14 | CVE-2023-0020 | Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 | SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. | 7.1 |
2023-01-10 | CVE-2023-0022 | Code Injection vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 | SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. | 8.8 |
2022-07-12 | CVE-2022-35228 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 | SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. | 8.8 |
2022-04-12 | CVE-2022-27667 | Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 430 | Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | 7.5 |
2022-04-12 | CVE-2022-28213 | Missing XML Validation vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 | When a user accesses SOAP Web services in SAP BusinessObjects Business Intelligence Platform - versions 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS. | 8.1 |
2021-10-12 | CVE-2021-40500 | XXE vulnerability in SAP Businessobjects Business Intelligence Platform 4.20/4.30 | SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. | 7.5 |
2020-05-12 | CVE-2020-6247 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 | SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. | 7.5 |
2020-04-14 | CVE-2020-6237 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 | Under certain conditions, SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | 7.5 |