Vulnerabilities > SAP > Businessobjects Business Intelligence Platform > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-12 CVE-2023-42472 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 420
Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network.
network
low complexity
sap CWE-434
7.3
2023-03-14 CVE-2023-27271 Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability.
network
low complexity
sap CWE-918
7.5
2023-02-14 CVE-2023-0020 Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted.
network
low complexity
sap CWE-200
7.1
2023-01-10 CVE-2023-0022 Code Injection vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network.
network
low complexity
sap CWE-94
8.8