SAP

Businessobjects Business Intelligence

45 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2023-31406

  • EPSS 0.25%
  • Veröffentlicht 09.05.2023 02:15:12
  • Zuletzt bearbeitet 21.11.2024 08:01:47

Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can v...

7.2

CVE-2023-28762

  • EPSS 0.15%
  • Veröffentlicht 09.05.2023 01:15:08
  • Zuletzt bearbeitet 21.11.2024 07:55:57

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can imp...

9.8

CVE-2023-28765

  • EPSS 10.1%
  • Veröffentlicht 11.04.2023 03:15:07
  • Zuletzt bearbeitet 21.11.2024 07:55:57

An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s password...

7.5

CVE-2023-27896

  • EPSS 0.14%
  • Veröffentlicht 14.03.2023 06:15:12
  • Zuletzt bearbeitet 21.11.2024 07:53:39

In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability.

5.3

CVE-2023-27894

  • EPSS 0.18%
  • Veröffentlicht 14.03.2023 06:15:12
  • Zuletzt bearbeitet 21.11.2024 07:53:39

SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On success...

8.8

CVE-2022-41203

  • EPSS 1.02%
  • Veröffentlicht 08.11.2022 22:15:17
  • Zuletzt bearbeitet 21.11.2024 07:22:49

In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized obje...

5.4

CVE-2022-41206

  • EPSS 0.96%
  • Veröffentlicht 11.10.2022 21:15:26
  • Zuletzt bearbeitet 20.05.2025 15:15:48

SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful ...

6.1

CVE-2022-39800

  • EPSS 3.39%
  • Veröffentlicht 11.10.2022 21:15:14
  • Zuletzt bearbeitet 21.11.2024 07:18:16

SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker c...

4.9

CVE-2022-35296

  • EPSS 0.35%
  • Veröffentlicht 11.10.2022 21:15:13
  • Zuletzt bearbeitet 21.11.2024 07:11:04

Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access ...

5.2

CVE-2022-32244

  • EPSS 0.18%
  • Veröffentlicht 13.09.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 07:06:00

Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can't make the system unavailable. This needs the attacker to have high privi...