Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
businessobjects business intelligence platform vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-0332
SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an malicious user to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Businessobjects Business Intelligence 4.3
Sap Businessobjects Business Intelligence 4.1
Sap Businessobjects Business Intelligence 4.2
6.1
CVSSv3
CVE-2021-21444
SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking ...
Sap Businessobjects Business Intelligence 410
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
5.4
CVSSv3
CVE-2019-0334
When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker coul...
Sap Businessobjects Business Intelligence 4.2
Sap Businessobjects Business Intelligence 4.3
Sap Businessobjects Business Intelligence 4.1
6.1
CVSSv3
CVE-2019-0335
Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an malicious user to store a malicious payload within the description field of a user account. The payload is triggered when the mouse cursor i...
Sap Businessobjects Business Intelligence 4.3
Sap Businessobjects Business Intelligence 4.2
Sap Businessobjects Business Intelligence 4.1
6.1
CVSSv3
CVE-2021-33697
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated malicious user to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
5.4
CVSSv3
CVE-2021-33696
SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify displayed content from a...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
7.2
CVSSv3
CVE-2023-28762
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platf...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
4.3
CVSSv3
CVE-2018-2483
HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method.
Sap Businessobjects Business Intelligence 4.2
Sap Businessobjects Business Intelligence 4.1
6.5
CVSSv3
CVE-2019-0348
SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted.
Sap Businessobjects Business Intelligence 4.1
Sap Businessobjects Business Intelligence 4.2
5.4
CVSSv3
CVE-2019-0269
SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Businessobjects Business Intelligence 4.20
Sap Businessobjects Business Intelligence 4.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »