SAP

Businessobjects Business Intelligence Platform

69 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-42988

Medienbericht
  • EPSS 0.05%
  • Veröffentlicht 10.06.2025 00:12:00
  • Zuletzt bearbeitet 23.10.2025 14:26:31

Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further ena...

7.1

CVE-2025-31332

  • EPSS 0.01%
  • Veröffentlicht 08.04.2025 07:15:36
  • Zuletzt bearbeitet 24.10.2025 18:08:22

Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system could modify files potentially disrupting operations or cause service downtime hence leading to a high impact on in...

6.1

CVE-2025-25245

  • EPSS 0.06%
  • Veröffentlicht 11.03.2025 01:15:35
  • Zuletzt bearbeitet 24.10.2025 18:41:16

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user....

6.5

CVE-2025-0064

  • EPSS 0.11%
  • Veröffentlicht 11.02.2025 01:15:09
  • Zuletzt bearbeitet 23.10.2025 18:41:05

Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system....

9.1

CVE-2025-0061

  • EPSS 0.17%
  • Veröffentlicht 14.01.2025 01:15:16
  • Zuletzt bearbeitet 24.10.2025 19:14:21

SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. Attacker can access and modify all the d...

6.5

CVE-2025-0060

  • EPSS 0.12%
  • Veröffentlicht 14.01.2025 01:15:16
  • Zuletzt bearbeitet 24.10.2025 19:15:58

SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this i...

5.3

CVE-2024-32732

  • EPSS 0.11%
  • Veröffentlicht 10.12.2024 01:15:05
  • Zuletzt bearbeitet 28.10.2025 18:29:49

Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted.This has low impact on Confidentiality with no impact on Integrity and Availability of the applic...

5.8

CVE-2024-45281

  • EPSS 0.03%
  • Veröffentlicht 10.09.2024 05:15:12
  • Zuletzt bearbeitet 28.10.2025 18:40:23

SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnera...

6

CVE-2024-34684

  • EPSS 0.11%
  • Veröffentlicht 11.06.2024 03:15:10
  • Zuletzt bearbeitet 21.11.2024 09:19:11

On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative ...

4.3

CVE-2024-33004

  • EPSS 0.06%
  • Veröffentlicht 14.05.2024 16:17:13
  • Zuletzt bearbeitet 23.10.2025 12:21:52

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can ope...