Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
businessobjects business intelligence vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2019-0269
SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Businessobjects Business Intelligence 4.20
Sap Businessobjects Business Intelligence 4.10
NA
CVE-2023-40622
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated malicious user to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compr...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
1 Article
5.8
CVSSv2
CVE-2021-33697
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated malicious user to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
3.5
CVSSv2
CVE-2021-33696
SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify displayed content from a...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
NA
CVE-2022-41203
In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserializa...
Sap Businessobjects Business Intelligence 4.3
Sap Businessobjects Business Intelligence 4.2
1 Article
NA
CVE-2022-41206
SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated malicious user to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there coul...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
NA
CVE-2023-37490
SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
NA
CVE-2023-30740
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated malicious user to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality, limited impact on integrity a...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
NA
CVE-2023-31404
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an malicious user to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials ...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
4
CVSSv2
CVE-2019-0348
SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted.
Sap Businessobjects Business Intelligence 4.1
Sap Businessobjects Business Intelligence 4.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »