Vulnerabilities > SAP > Businessobjects > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2023-05-09 | CVE-2023-28764 | Insufficiently Protected Credentials vulnerability in SAP Businessobjects 4.20/4.30 | 5.9
SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network.
Tags: network, high complexity, sap, CWE-522

2022-05-11 | CVE-2022-28214 | Cleartext Storage of Sensitive Information vulnerability in SAP products | 4.6
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs.
Tags: local, low complexity, sap, CWE-312

2019-06-14 | CVE-2019-0303 | Cross-site Scripting vulnerability in SAP Businessobjects 4.2/4.3 | 4.3
SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitization.
Tags: network, sap, CWE-79

2019-05-14 | CVE-2019-0289 | Unspecified vulnerability in SAP Businessobjects 4.2/4.3 | 5.8
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
Tags: network, sap

2019-05-14 | CVE-2019-0287 | Unspecified vulnerability in SAP Businessobjects 4.2/4.3 | 6.8
Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
Tags: network, sap

2019-02-15 | CVE-2019-0251 | Cross-site Scripting vulnerability in SAP Businessobjects 4.2/4.3 | 4.3
The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Tags: network, sap, CWE-79

2017-12-12 | CVE-2017-16683 | Unspecified vulnerability in SAP Businessobjects 4.10/4.20 | 4.0
Denial of Service (DoS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service.
Tags: network, low complexity, sap

2014-10-16 | CVE-2014-8309 | Information Exposure vulnerability in SAP Businessobjects and Businessobjects XI | 5.0
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service.
Tags: network, low complexity, sap, CWE-200

2014-10-16 | CVE-2014-8308 | Cross-Site Scripting vulnerability in SAP Businessobjects 4.0 | 4.3
Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Tags: network, sap, CWE-79

2014-04-30 | CVE-2014-3134 | Cross-Site Scripting vulnerability in SAP Businessobjects | 4.3
Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Tags: network, sap, CWE-79