Vulnerabilities > SAP > Businessobjects > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-09 | CVE-2023-28764 | Insufficiently Protected Credentials vulnerability in SAP Businessobjects 4.20/4.30 SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. | 5.9 |
| 2022-05-11 | CVE-2022-28214 | Cleartext Storage of Sensitive Information vulnerability in SAP products During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. | 4.6 |
| 2019-06-14 | CVE-2019-0303 | Cross-site Scripting vulnerability in SAP Businessobjects 4.2/4.3 SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. | 4.3 |
| 2019-05-14 | CVE-2019-0289 | Unspecified vulnerability in SAP Businessobjects 4.2/4.3 Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. network sap | 5.8 |
| 2019-05-14 | CVE-2019-0287 | Unspecified vulnerability in SAP Businessobjects 4.2/4.3 Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. network sap | 6.8 |
| 2019-02-15 | CVE-2019-0251 | Cross-site Scripting vulnerability in SAP Businessobjects 4.2/4.3 The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 4.3 |
| 2017-12-12 | CVE-2017-16683 | Unspecified vulnerability in SAP Businessobjects 4.10/4.20 Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service. | 4.0 |
| 2014-10-16 | CVE-2014-8309 | Information Exposure vulnerability in SAP Businessobjects and Businessobjects XI SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service. | 5.0 |
| 2014-10-16 | CVE-2014-8308 | Cross-Site Scripting vulnerability in SAP Businessobjects 4.0 Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2014-04-30 | CVE-2014-3134 | Cross-Site Scripting vulnerability in SAP Businessobjects Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |