Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
businessobjects business intelligence platform vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2019-0396
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will no...
Sap Businessobjects Business Intelligence Platform 4.0
Sap Businessobjects Business Intelligence Platform 4.1
5
CVSSv2
CVE-2020-6237
Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an malicious user to access information which would otherwise be restricted, leading to Information Disclosure.
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
3.5
CVSSv2
CVE-2019-0377
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), prior to 4.2, does not sufficiently encode user-controlled inputs and allows an malicious user to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting.
Sap Businessobjects Business Intelligence Platform 4.0
Sap Businessobjects Business Intelligence Platform 4.1
4.3
CVSSv2
CVE-2022-27671
A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.
Sap Businessobjects Business Intelligence Platform 420
Sap Businessobjects Business Intelligence Platform 430
3.5
CVSSv2
CVE-2020-6278
SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows to an malicious user to embed malicious scripts in the application while uploading images, which gets executed when the victim opens these files, leading to Stored Cross Site Scr...
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
1 Article
5
CVSSv2
CVE-2020-6288
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerab...
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
6.4
CVSSv2
CVE-2020-6294
Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.
Sap Businessobjects Business Intelligence Platform 4.2
Sap Businessobjects Business Intelligence Platform 4.3
3.5
CVSSv2
CVE-2020-6300
SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode user-controll...
Sap Businessobjects Business Intelligence Platform 4.3
Sap Businessobjects Business Intelligence Platform 4.2
3.5
CVSSv2
CVE-2020-6312
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties, can modify how a browser processes particular page elements, leading to ...
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
6.8
CVSSv2
CVE-2022-35228
SAP BusinessObjects CMC allows an unauthenticated malicious user to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social en...
Sap Businessobjects Business Intelligence Platform 420
Sap Businessobjects Business Intelligence Platform 430
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »