Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap businessobjects business intelligence 420 vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2022-28214
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Avai...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
Sap Businessobjects 430
Sap Businessobjects 420
6.1
CVSSv3
CVE-2021-21444
SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking ...
Sap Businessobjects Business Intelligence 410
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
6.1
CVSSv3
CVE-2023-31406
Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated malicious user to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify informatio...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
9
CVSSv3
CVE-2023-37490
SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
8.2
CVSSv3
CVE-2022-32245
SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated malicious user to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
1 Article
5.3
CVSSv3
CVE-2023-27894
SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an malicious user to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attack...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
7.6
CVSSv3
CVE-2023-30740
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated malicious user to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality, limited impact on integrity a...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
7.5
CVSSv3
CVE-2023-36917
SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality. Although...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
7.2
CVSSv3
CVE-2023-28762
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platf...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
9.8
CVSSv3
CVE-2023-28765
An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and depending on the p...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »