Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap businessobjects business intelligence 4.20 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-40500
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated malicious user to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploita...
Sap Businessobjects Business Intelligence Platform 4.20
Sap Businessobjects Business Intelligence Platform 4.30
445
VMScore
CVE-2019-0352
In SAP Business Objects Business Intelligence Platform, prior to 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout.
Sap Businessobjects Business Intelligence Platform 4.10
Sap Businessobjects Business Intelligence Platform 4.20
Sap Businessobjects Business Intelligence Platform 4.30
490
VMScore
CVE-2019-0268
SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source.
Sap Businessobjects Business Intelligence 4.2
Sap Businessobjects Business Intelligence 4.1
Sap Businessobjects Business Intelligence 4.3
312
VMScore
CVE-2019-0269
SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Businessobjects Business Intelligence 4.10
Sap Businessobjects Business Intelligence 4.20
445
VMScore
CVE-2018-2471
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an malicious user to access information which would otherwise be restricted.
Sap Businessobjects Business Intelligence Platform 4.10
Sap Businessobjects Business Intelligence Platform 4.20
383
VMScore
CVE-2018-2472
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Businessobjects Bi Platform 4.2
Sap Businessobjects Bi Platform 4.1
436
VMScore
CVE-2018-2432
SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an malicious user to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advan...
Sap Businessobjects Business Intelligence 4.2
Sap Businessobjects Business Intelligence 4.1
Sap Businessobjects Business Intelligence 4.3
578
VMScore
CVE-2018-2427
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an malicious user to inject code that can be executed by the application. An attacker could thereby control the behaviour of the ...
Sap Businessobjects Business Intelligence 4.10
Sap Businessobjects Business Intelligence 4.20
Sap Crystal Reports -
383
VMScore
CVE-2018-2431
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Businessobjects Business Intelligence 4.10
Sap Businessobjects Business Intelligence 4.20
312
VMScore
CVE-2018-2397
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.
Sap Businessobjects Business Intelligence Platform 4.00
Sap Businessobjects Business Intelligence Platform 4.10
Sap Businessobjects Business Intelligence Platform 4.20
Sap Businessobjects Business Intelligence Platform 4.30
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started