Vulnerabilities > SAP > Businessobjects Business Intelligence Platform > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-11 | CVE-2019-0398 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3 Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery. | 6.8 |
2019-11-13 | CVE-2019-0396 | Improper Input Validation vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. | 5.5 |
2019-09-10 | CVE-2019-0352 | Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 4.10/4.20/4.30 In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout. | 5.0 |
2018-10-09 | CVE-2018-2471 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.10/4.20 Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted. | 5.0 |