Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap businessobjects 420 vulnerabilities and exploits
(subscribe to this query)
409
VMScore
CVE-2022-28214
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Avai...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
Sap Businessobjects 430
Sap Businessobjects 420
NA
CVE-2023-40623
SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files ...
Sap Businessobjects 420
Sap Businessobjects 430
445
VMScore
CVE-2021-40497
SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an malicious user to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system s...
Sap Businessobjects Analysis 430
Sap Businessobjects Analysis 420
356
VMScore
CVE-2021-33667
Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an malicious user to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted.
Sap Businessobjects Web Intelligence 430
Sap Businessobjects Web Intelligence 420
312
VMScore
CVE-2021-33696
SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify displayed content from a...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
NA
CVE-2022-35296
Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading t...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
NA
CVE-2023-27896
In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability.
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
312
VMScore
CVE-2021-21447
SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated malicious user to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, wh...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 410
NA
CVE-2023-36917
SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality. Although...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
NA
CVE-2023-37490
SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »