CVE-2026-24324
- EPSS 0.02%
- Published 10.02.2026 03:04:21
- Last modified 17.02.2026 15:15:09
SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially...
CVE-2026-0508
- EPSS 0.01%
- Published 10.02.2026 03:01:41
- Last modified 17.02.2026 16:06:15
The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert a malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unv...
CVE-2026-0490
- EPSS 0.11%
- Published 10.02.2026 03:01:20
- Last modified 17.02.2026 16:06:59
SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high...
CVE-2026-0485
- EPSS 0.06%
- Published 10.02.2026 03:00:49
- Last modified 17.02.2026 16:11:42
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could...
CVE-2025-42988
- EPSS 0.08%
- Published 10.06.2025 00:12:00
- Last modified 23.10.2025 14:26:31
Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further ena...
CVE-2025-31332
- EPSS 0.04%
- Published 08.04.2025 07:15:36
- Last modified 24.10.2025 18:08:22
Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system could modify files, potentially disrupting operations or causing service downtime, hence leading to a high impact on in...
CVE-2025-25245
- EPSS 0.07%
- Published 11.03.2025 01:15:35
- Last modified 24.10.2025 18:41:16
SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious URL in the data returned to the user....
CVE-2025-0064
- EPSS 0.06%
- Published 11.02.2025 01:15:09
- Last modified 23.10.2025 18:41:05
Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system....
CVE-2025-0061
- EPSS 0.16%
- Published 14.01.2025 01:15:16
- Last modified 24.10.2025 19:14:21
SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. An attacker can access and modify all the d...
CVE-2025-0060
- EPSS 0.11%
- Published 14.01.2025 01:15:16
- Last modified 24.10.2025 19:15:58
SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this i...