SAP

Businessobjects Business Intelligence Platform

69 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2022-29619

  • EPSS 0.24%
  • Veröffentlicht 12.07.2022 21:15:09
  • Zuletzt bearbeitet 21.11.2024 06:59:26

Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted.

6.1

CVE-2022-28216

  • EPSS 2.31%
  • Veröffentlicht 12.04.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 06:56:58

SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation...

8.1

CVE-2022-28213

Exploit
  • EPSS 12.62%
  • Veröffentlicht 12.04.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 06:56:57

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from ...

6.5

CVE-2022-27671

  • EPSS 0.77%
  • Veröffentlicht 12.04.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 06:56:08

A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.

7.5

CVE-2022-27667

  • EPSS 0.85%
  • Veröffentlicht 12.04.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 06:56:08

Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

6.5

CVE-2022-22541

  • EPSS 0.29%
  • Veröffentlicht 12.04.2022 17:15:09
  • Zuletzt bearbeitet 21.11.2024 06:46:59

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of company data to people that shoul...

5.4

CVE-2021-42061

  • EPSS 0.37%
  • Veröffentlicht 14.12.2021 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:27:10

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some da...

7.5

CVE-2021-40500

  • EPSS 1.21%
  • Veröffentlicht 12.10.2021 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:24:16

SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network...

5.4

CVE-2021-33679

  • EPSS 0.16%
  • Veröffentlicht 14.09.2021 12:15:09
  • Zuletzt bearbeitet 21.11.2024 06:09:20

The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored maliciou...

9.6

CVE-2020-26831

  • EPSS 0.62%
  • Veröffentlicht 09.12.2020 17:15:31
  • Zuletzt bearbeitet 21.11.2024 05:20:21

SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitra...