CVE-2025-0064
- EPSS 0.07%
- Published 11.02.2025 01:15:09
- Last modified 18.02.2025 18:15:28
Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system....
CVE-2025-0061
- EPSS 0.12%
- Published 14.01.2025 01:15:16
- Last modified 14.01.2025 01:15:16
SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. An attacker can access and modify all the d...
CVE-2025-0060
- EPSS 0.09%
- Published 14.01.2025 01:15:16
- Last modified 14.01.2025 01:15:16
SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this i...
CVE-2024-32732
- EPSS 0.11%
- Published 10.12.2024 01:15:05
- Last modified 10.12.2024 01:15:05
Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted. This has low impact on Confidentiality with no impact on Integrity and Availability of the applic...
CVE-2024-25646
- EPSS 0.1%
- Published 09.04.2024 01:15:48
- Last modified 21.11.2024 09:01:08
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using a crafted document. On successful exploitation there could be a considerable impact on confide...
CVE-2023-40623
- EPSS 0.15%
- Published 12.09.2023 03:15:13
- Last modified 21.11.2024 08:19:50
SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete a...
CVE-2023-28764
- EPSS 0.26%
- Published 09.05.2023 01:15:08
- Last modified 21.11.2024 07:55:57
SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information su...
CVE-2022-28214
- EPSS 0.03%
- Published 11.05.2022 15:15:09
- Last modified 21.11.2024 06:56:57
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidential...
CVE-2019-0303
- EPSS 0.23%
- Published 14.06.2019 19:29:00
- Last modified 21.11.2024 04:16:39
SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitization. This could be used by an attacker to buil...
CVE-2019-0289
- EPSS 0.29%
- Published 14.05.2019 21:29:00
- Last modified 21.11.2024 04:16:38
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.