Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
businessobjects business intelligence platform vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-0377
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), prior to 4.2, does not sufficiently encode user-controlled inputs and allows an malicious user to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting.
Sap Businessobjects Business Intelligence Platform 4.0
Sap Businessobjects Business Intelligence Platform 4.1
5.4
CVSSv3
CVE-2019-0334
When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker coul...
Sap Businessobjects Business Intelligence 4.2
Sap Businessobjects Business Intelligence 4.3
Sap Businessobjects Business Intelligence 4.1
5.4
CVSSv3
CVE-2019-0269
SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Businessobjects Business Intelligence 4.20
Sap Businessobjects Business Intelligence 4.10
5.4
CVSSv3
CVE-2018-2397
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.
Sap Businessobjects Business Intelligence Platform 4.10
Sap Businessobjects Business Intelligence Platform 4.30
Sap Businessobjects Business Intelligence Platform 4.00
Sap Businessobjects Business Intelligence Platform 4.20
5.3
CVSSv3
CVE-2023-37489
Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application'...
Sap Businessobjects Business Intelligence 430
5.3
CVSSv3
CVE-2023-27894
SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an malicious user to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attack...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
5.3
CVSSv3
CVE-2022-39014
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an malicious user to access certain unencrypted sensitive parameters which would otherwise be restricted.
Sap Businessobjects Business Intelligence Platform 430
5.3
CVSSv3
CVE-2020-6308
SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated malicious user to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful...
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
Sap Businessobjects Business Intelligence Platform 4.3
3 Github repositories
5.3
CVSSv3
CVE-2020-6288
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerab...
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
5.3
CVSSv3
CVE-2020-6189
Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure.
Sap Businessobjects Business Intelligence Platform 4.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »