Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap businessobjects business intelligence 4.3 vulnerabilities and exploits
(subscribe to this query)
9.6
CVSSv3
CVE-2020-26831
SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to int...
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
Sap Businessobjects Business Intelligence Platform 4.3
8.8
CVSSv3
CVE-2022-41203
In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserializa...
Sap Businessobjects Business Intelligence 4.3
Sap Businessobjects Business Intelligence 4.2
1 Article
8.8
CVSSv3
CVE-2019-0398
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), prior to 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
Sap Businessobjects Business Intelligence Platform 4.3
8.1
CVSSv3
CVE-2022-28213
When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful e...
Sap Businessobjects Business Intelligence Platform 420
Sap Businessobjects Business Intelligence Platform 430
8.1
CVSSv3
CVE-2019-0268
SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source.
Sap Businessobjects Business Intelligence 4.3
Sap Businessobjects Business Intelligence 4.2
Sap Businessobjects Business Intelligence 4.1
7.6
CVSSv3
CVE-2019-0287
Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an malicious user to access information which would otherwise be restricted.
Sap Businessobjects 4.3
Sap Businessobjects 4.2
7.5
CVSSv3
CVE-2019-0352
In SAP Business Objects Business Intelligence Platform, prior to 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout.
Sap Businessobjects Business Intelligence Platform 4.10
Sap Businessobjects Business Intelligence Platform 4.20
Sap Businessobjects Business Intelligence Platform 4.30
7.1
CVSSv3
CVE-2019-0289
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an malicious user to access information which would otherwise be restricted.
Sap Businessobjects 4.2
Sap Businessobjects 4.3
6.5
CVSSv3
CVE-2019-0333
In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting i...
Sap Businessobjects Business Intelligence 4.2
6.1
CVSSv3
CVE-2019-0332
SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an malicious user to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Businessobjects Business Intelligence 4.3
Sap Businessobjects Business Intelligence 4.1
Sap Businessobjects Business Intelligence 4.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »