Vulnerabilities > SAP > Businessobjects Business Intelligence Platform > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-11 | CVE-2024-34684 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430/440 On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. | 6.0 |
| 2023-01-10 | CVE-2023-0018 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. | 6.1 |
| 2022-09-13 | CVE-2022-39014 | Missing Encryption of Sensitive Data vulnerability in SAP Businessobjects Business Intelligence Platform 430 Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted. | 5.3 |
| 2022-07-12 | CVE-2022-29619 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted. | 6.5 |
| 2022-07-12 | CVE-2022-35169 | Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application. | 6.0 |
| 2022-04-12 | CVE-2022-22541 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. | 6.5 |
| 2022-04-12 | CVE-2022-27671 | Information Exposure Through Sent Data vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 A CSRF token visible in the URL may possibly lead to information disclosure vulnerability. | 6.5 |
| 2022-04-12 | CVE-2022-28216 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420 SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. | 6.1 |
| 2021-12-14 | CVE-2021-42061 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420 SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
| 2021-09-14 | CVE-2021-33679 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420 The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. | 5.4 |