Vulnerabilities > SAP > Businessobjects Business Intelligence > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-11 | CVE-2023-36917 | Improper Restriction of Excessive Authentication Attempts vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality. | 7.5 |
| 2023-05-09 | CVE-2023-30740 | Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. | 7.6 |
| 2023-05-09 | CVE-2023-28762 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. | 7.2 |
| 2023-03-14 | CVE-2023-27896 | Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence 420/430 In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability. | 7.5 |
| 2022-11-08 | CVE-2022-41203 | Deserialization of Untrusted Data vulnerability in SAP Businessobjects Business Intelligence 4.2/4.3 In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. | 8.8 |
| 2022-08-10 | CVE-2022-32245 | Cleartext Transmission of Sensitive Information vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. | 8.2 |