Vulnerabilities > SAP > Businessobjects Business Intelligence > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-11 CVE-2023-36917 Improper Restriction of Excessive Authentication Attempts vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality.
network
low complexity
sap CWE-307
7.5
2023-05-09 CVE-2023-30740 Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted.
network
low complexity
sap CWE-200
7.6
2023-05-09 CVE-2023-28762 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction.
network
low complexity
sap
7.2
2023-03-14 CVE-2023-27896 Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence 420/430
In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability.
network
low complexity
sap CWE-918
7.5
2022-11-08 CVE-2022-41203 Deserialization of Untrusted Data vulnerability in SAP Businessobjects Business Intelligence 4.2/4.3
In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability.
network
low complexity
sap CWE-502
8.8
2022-08-10 CVE-2022-32245 Cleartext Transmission of Sensitive Information vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network.
network
low complexity
sap CWE-319
8.2