Vulnerabilities > SAP > Businessobjects Business Intelligence > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-12 CVE-2023-40622 Incorrect Permission Assignment for Critical Resource vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted.
network
low complexity
sap CWE-732
critical
9.9
2023-08-08 CVE-2023-37490 Uncontrolled Search Path Element vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process.
low complexity
sap CWE-427
critical
9.0
2023-04-11 CVE-2023-28765 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file.
network
low complexity
sap
critical
9.8
2018-08-14 CVE-2018-2445 Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2
AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.
network
low complexity
sap CWE-918
critical
9.6