SAP

Businessobjects Business Intelligence Platform

73 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2023-0018

  • EPSS 1.01%
  • Veröffentlicht 10.01.2023 04:15:09
  • Zuletzt bearbeitet 21.11.2024 07:36:24

Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a mal...

5.3

CVE-2022-39014

  • EPSS 0.28%
  • Veröffentlicht 13.09.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 07:17:22

Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.

8.8

CVE-2022-35228

  • EPSS 0.18%
  • Veröffentlicht 12.07.2022 21:15:11
  • Zuletzt bearbeitet 21.11.2024 07:10:56

SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, li...

6.5

CVE-2022-35169

  • EPSS 0.43%
  • Veröffentlicht 12.07.2022 21:15:10
  • Zuletzt bearbeitet 21.11.2024 07:10:51

SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the ...

6.5

CVE-2022-29619

  • EPSS 0.18%
  • Veröffentlicht 12.07.2022 21:15:09
  • Zuletzt bearbeitet 21.11.2024 06:59:26

Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted.

8.1

CVE-2022-28213

Exploit
  • EPSS 12.62%
  • Veröffentlicht 12.04.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 06:56:57

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from ...

7.5

CVE-2022-27667

  • EPSS 1.15%
  • Veröffentlicht 12.04.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 06:56:08

Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

6.5

CVE-2022-27671

  • EPSS 0.97%
  • Veröffentlicht 12.04.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 06:56:08

A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.

6.1

CVE-2022-28216

  • EPSS 2.31%
  • Veröffentlicht 12.04.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 06:56:58

SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation...

6.5

CVE-2022-22541

  • EPSS 0.29%
  • Veröffentlicht 12.04.2022 17:15:09
  • Zuletzt bearbeitet 21.11.2024 06:46:59

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of company data to people that shoul...