CVE-2025-0064
- EPSS 0.07%
- Published 11.02.2025 01:15:09
- Last modified 18.02.2025 18:15:28
Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system....
CVE-2025-0061
- EPSS 0.12%
- Published 14.01.2025 01:15:16
- Last modified 14.01.2025 01:15:16
SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. The attacker can access and modify all the d...
CVE-2025-0060
- EPSS 0.09%
- Published 14.01.2025 01:15:16
- Last modified 14.01.2025 01:15:16
SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this i...
CVE-2024-32732
- EPSS 0.11%
- Published 10.12.2024 01:15:05
- Last modified 10.12.2024 01:15:05
Under certain conditions, SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted. This has low impact on Confidentiality with no impact on Integrity and Availability of the applic...
CVE-2024-25646
- EPSS 0.1%
- Published 09.04.2024 01:15:48
- Last modified 21.11.2024 09:01:08
Due to improper validation, SAP BusinessObjects Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using a crafted document. On successful exploitation there could be a considerable impact on confide...
CVE-2023-40623
- EPSS 0.15%
- Published 12.09.2023 03:15:13
- Last modified 21.11.2024 08:19:50
SAP BusinessObjects Suite Installer - versions 420, 430, allows an attacker within the network to create a directory under the temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete a...
CVE-2023-28764
- EPSS 0.26%
- Published 09.05.2023 01:15:08
- Last modified 21.11.2024 07:55:57
SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information su...
CVE-2022-28214
- EPSS 0.03%
- Published 11.05.2022 15:15:09
- Last modified 21.11.2024 06:56:57
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidential...
CVE-2019-0303
- EPSS 0.23%
- Published 14.06.2019 19:29:00
- Last modified 21.11.2024 04:16:39
SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp reflects the requested parameter errMsg into the response content without sanitization. This could be used by an attacker to buil...
CVE-2019-0289
- EPSS 0.29%
- Published 14.05.2019 21:29:00
- Last modified 21.11.2024 04:16:38
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.