SAP

Businessobjects Business Intelligence Platform

73 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2024-32732

  • EPSS 0.11%
  • Veröffentlicht 10.12.2024 01:15:05
  • Zuletzt bearbeitet 28.10.2025 18:29:49

Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted.This has low impact on Confidentiality with no impact on Integrity and Availability of the applic...

5.8

CVE-2024-45281

  • EPSS 0.04%
  • Veröffentlicht 10.09.2024 05:15:12
  • Zuletzt bearbeitet 28.10.2025 18:40:23

SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnera...

6

CVE-2024-34684

  • EPSS 0.11%
  • Veröffentlicht 11.06.2024 03:15:10
  • Zuletzt bearbeitet 21.11.2024 09:19:11

On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative ...

4.3

CVE-2024-33004

  • EPSS 0.06%
  • Veröffentlicht 14.05.2024 16:17:13
  • Zuletzt bearbeitet 23.10.2025 12:21:52

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can ope...

9.3

CVE-2024-28165

  • EPSS 0.37%
  • Veröffentlicht 14.05.2024 16:16:43
  • Zuletzt bearbeitet 23.10.2025 12:20:36

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the application

7.3

CVE-2023-42472

  • EPSS 0.22%
  • Veröffentlicht 12.09.2023 02:15:13
  • Zuletzt bearbeitet 21.11.2024 08:22:37

Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network. When uploading t...

7.5

CVE-2023-27271

  • EPSS 0.35%
  • Veröffentlicht 14.03.2023 06:15:11
  • Zuletzt bearbeitet 21.11.2024 07:52:34

In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability.

9.1

CVE-2023-24530

  • EPSS 0.58%
  • Veröffentlicht 14.02.2023 04:15:13
  • Zuletzt bearbeitet 21.11.2024 07:48:04

SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform opera...

7.1

CVE-2023-0020

  • EPSS 0.33%
  • Veröffentlicht 14.02.2023 04:15:10
  • Zuletzt bearbeitet 21.11.2024 07:36:24

SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality and li...

8.8

CVE-2023-0022

  • EPSS 0.85%
  • Veröffentlicht 10.01.2023 04:15:10
  • Zuletzt bearbeitet 21.11.2024 07:36:24

SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations tha...