Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap businessobjects - vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2023-28764
SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and dom...
Sap Businessobjects 4.20
Sap Businessobjects 4.30
7.1
CVSSv3
CVE-2023-40623
SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files ...
Sap Businessobjects 420
Sap Businessobjects 430
6.5
CVSSv3
CVE-2017-16683
Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an malicious user to prevent legitimate users from accessing a service.
Sap Businessobjects 4.20
Sap Businessobjects 4.10
8.1
CVSSv3
CVE-2019-0268
SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source.
Sap Businessobjects Business Intelligence 4.2
Sap Businessobjects Business Intelligence 4.1
Sap Businessobjects Business Intelligence 4.3
6.1
CVSSv3
CVE-2019-0326
SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Businessobjects Business Intelligence 4.2
Sap Businessobjects Business Intelligence 4.1
Sap Businessobjects Business Intelligence 4.3
5.3
CVSSv3
CVE-2019-0331
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an malicious user to access sensitive data such as directory structure, leading to Information Disclosure.
Sap Businessobjects Business Intelligence 4.2
Sap Businessobjects Business Intelligence 4.1
Sap Businessobjects Business Intelligence 4.3
5.4
CVSSv3
CVE-2019-0334
When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker coul...
Sap Businessobjects Business Intelligence 4.2
Sap Businessobjects Business Intelligence 4.1
Sap Businessobjects Business Intelligence 4.3
5.4
CVSSv3
CVE-2018-2432
SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an malicious user to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advan...
Sap Businessobjects Business Intelligence 4.2
Sap Businessobjects Business Intelligence 4.1
Sap Businessobjects Business Intelligence 4.3
6.1
CVSSv3
CVE-2021-21444
SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking ...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 410
Sap Businessobjects Business Intelligence 430
6.1
CVSSv3
CVE-2019-0332
SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an malicious user to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Businessobjects Business Intelligence 4.2
Sap Businessobjects Business Intelligence 4.1
Sap Businessobjects Business Intelligence 4.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »