Vulnerabilities > SAP > Businessobjects > Critical

DATE CVE VULNERABILITY TITLE RISK
2015-10-15 CVE-2015-7730 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP products
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.
network
low complexity
sap CWE-119
critical
10.0
2014-12-17 CVE-2014-9387 Permissions, Privileges, and Access Controls vulnerability in SAP Businessobjects 4.1
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.
network
low complexity
sap CWE-264
critical
10.0
2010-10-18 CVE-2010-0219 Credentials Management vulnerability in multiple products
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
network
low complexity
apache sap CWE-255
critical
10.0
2010-10-18 CVE-2010-3983 Permissions, Privileges, and Access Controls vulnerability in SAP Businessobjects 3.2
CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property.
network
low complexity
sap CWE-264
critical
9.0