Vulnerabilities > SAP > Businessobjects Business Intelligence Platform > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-11 CVE-2019-0398 Cross-Site Request Forgery (CSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2/4.3
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.
network
sap CWE-352
6.8
2019-11-13 CVE-2019-0396 Improper Input Validation vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source.
network
low complexity
sap CWE-20
5.5
2019-09-10 CVE-2019-0352 Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 4.10/4.20/4.30
In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout.
network
low complexity
sap CWE-200
5.0
2018-10-09 CVE-2018-2471 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.10/4.20
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
5.0