Vulnerabilities > SAP > Businessobjects Business Intelligence Platform > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-12 CVE-2022-28216 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420
SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network.
network
sap CWE-79
4.3
2021-10-12 CVE-2021-40500 XXE vulnerability in SAP Businessobjects Business Intelligence Platform 4.20/4.30
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data.
network
low complexity
sap CWE-611
5.0
2020-12-09 CVE-2020-26831 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3
SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS).
network
low complexity
sap
5.5
2020-10-20 CVE-2020-6308 Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3
SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally.
network
low complexity
sap CWE-918
5.0
2020-09-09 CVE-2020-6288 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability.
network
low complexity
sap CWE-434
5.0
2020-07-14 CVE-2020-6281 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting reflected in Cross-Site Scripting.
network
sap CWE-79
4.3
2020-07-14 CVE-2020-6276 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.
network
sap CWE-79
4.3
2020-06-10 CVE-2020-6269 Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
network
low complexity
sap CWE-200
4.0
2020-05-12 CVE-2020-6251 Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap CWE-200
5.0
2020-05-12 CVE-2020-6247 Improper Input Validation vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service.
network
low complexity
sap CWE-20
5.0