Vulnerabilities > SAP > Businessobjects

DATE CVE VULNERABILITY TITLE RISK
2015-10-15 CVE-2015-7730 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP products
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.
network
low complexity
sap CWE-119
critical
 10.0
10
2014-12-17 CVE-2014-9387 Permissions, Privileges, and Access Controls vulnerability in SAP Businessobjects 4.1
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.
network
low complexity
sap CWE-264
critical
 10.0
10
2014-10-16 CVE-2014-8311 Information Disclosure vulnerability in SAP Businessobjects 4.0
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.
network
sap
3.5
3.5
2014-10-16 CVE-2014-8310 Improper Input Validation vulnerability in SAP Businessobjects 4.0
The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message.
network
sap CWE-20
7.1
7.1
2014-10-16 CVE-2014-8309 Information Exposure vulnerability in SAP Businessobjects and Businessobjects XI
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service.
network
low complexity
sap CWE-200
5.0
5.0
2014-10-16 CVE-2014-8308 Cross-Site Scripting vulnerability in SAP Businessobjects 4.0
Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
sap CWE-79
4.3
4.3
2014-04-30 CVE-2014-3134 Cross-Site Scripting vulnerability in SAP Businessobjects
Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
sap CWE-79
4.3
4.3
2010-10-18 CVE-2010-3983 Permissions, Privileges, and Access Controls vulnerability in SAP Businessobjects 3.2
CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property.
network
low complexity
sap CWE-264
critical
 9.0
9.0
2010-10-18 CVE-2010-3982 Information Exposure vulnerability in SAP Businessobjects 3.2
SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue.
network
low complexity
sap CWE-200
5.0
5.0
2010-10-18 CVE-2010-3981 Cross-Site Scripting vulnerability in SAP Businessobjects 3.2
Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page.
network
sap CWE-79
4.3
4.3