Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
businessobjects vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-28765
An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and depending on the p...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
5.3
CVSSv3
CVE-2023-27894
SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an malicious user to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attack...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
7.5
CVSSv3
CVE-2023-27896
In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability.
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
7.5
CVSSv3
CVE-2023-36917
SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality. Although...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
9.9
CVSSv3
CVE-2023-40622
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated malicious user to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compr...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
1 Article
5
CVSSv3
CVE-2023-31404
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an malicious user to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials ...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
6.1
CVSSv3
CVE-2023-31406
Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated malicious user to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify informatio...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
8.8
CVSSv3
CVE-2022-41203
In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserializa...
Sap Businessobjects Business Intelligence 4.3
Sap Businessobjects Business Intelligence 4.2
1 Article
5.4
CVSSv3
CVE-2022-41206
SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated malicious user to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there coul...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
7.6
CVSSv3
CVE-2023-30740
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated malicious user to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality, limited impact on integrity a...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »