SAP

Businessobjects Business Intelligence Platform

60 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2022-35169

  • EPSS 0.43%
  • Published 12.07.2022 21:15:10
  • Last modified 21.11.2024 07:10:51

SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the ...

6.5

CVE-2022-29619

  • EPSS 0.24%
  • Published 12.07.2022 21:15:09
  • Last modified 21.11.2024 06:59:26

Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted.

6.5

CVE-2022-27671

  • EPSS 0.77%
  • Published 12.04.2022 17:15:10
  • Last modified 21.11.2024 06:56:08

A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.

7.5

CVE-2022-27667

  • EPSS 0.85%
  • Published 12.04.2022 17:15:10
  • Last modified 21.11.2024 06:56:08

Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

8.1

CVE-2022-28213

Exploit
  • EPSS 13.36%
  • Published 12.04.2022 17:15:10
  • Last modified 21.11.2024 06:56:57

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from ...

6.1

CVE-2022-28216

  • EPSS 2.31%
  • Published 12.04.2022 17:15:10
  • Last modified 21.11.2024 06:56:58

SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation...

6.5

CVE-2022-22541

  • EPSS 0.29%
  • Published 12.04.2022 17:15:09
  • Last modified 21.11.2024 06:46:59

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of company data to people that shoul...

5.4

CVE-2021-42061

  • EPSS 0.37%
  • Published 14.12.2021 16:15:09
  • Last modified 21.11.2024 06:27:10

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some da...

7.5

CVE-2021-40500

  • EPSS 1.21%
  • Published 12.10.2021 15:15:09
  • Last modified 21.11.2024 06:24:16

SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network...

5.4

CVE-2021-33679

  • EPSS 0.16%
  • Published 14.09.2021 12:15:09
  • Last modified 21.11.2024 06:09:20

The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored maliciou...