Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap businessobjects business intelligence 4.3 vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2019-0398
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), prior to 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
Sap Businessobjects Business Intelligence Platform 4.3
3.5
CVSSv2
CVE-2020-6300
SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode user-controll...
Sap Businessobjects Business Intelligence Platform 4.2
Sap Businessobjects Business Intelligence Platform 4.3
5.5
CVSSv2
CVE-2022-28213
When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful e...
Sap Businessobjects Business Intelligence Platform 420
Sap Businessobjects Business Intelligence Platform 430
3.5
CVSSv2
CVE-2019-0374
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), prior to 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
Sap Businessobjects Business Intelligence Platform 4.0
5
CVSSv2
CVE-2019-0352
In SAP Business Objects Business Intelligence Platform, prior to 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout.
Sap Businessobjects Business Intelligence Platform 4.10
Sap Businessobjects Business Intelligence Platform 4.20
Sap Businessobjects Business Intelligence Platform 4.30
3.5
CVSSv2
CVE-2019-0375
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), prior to 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting.
Sap Businessobjects Business Intelligence Platform 4.0
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
3.5
CVSSv2
CVE-2019-0376
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), prior to 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an malicious user to save malicious scripts in the publication name, which can be executed later by the victi...
Sap Businessobjects Business Intelligence Platform 4.0
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
4
CVSSv2
CVE-2019-0333
In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting i...
Sap Businessobjects Business Intelligence 4.2
5.8
CVSSv2
CVE-2019-0289
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an malicious user to access information which would otherwise be restricted.
Sap Businessobjects 4.2
Sap Businessobjects 4.3
6.8
CVSSv2
CVE-2019-0287
Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an malicious user to access information which would otherwise be restricted.
Sap Businessobjects 4.3
Sap Businessobjects 4.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »