CVE-2025-23192
- EPSS 0.17%
- Published 10.06.2025 00:10:12
- Last modified 12.06.2025 16:06:39
SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker...
CVE-2024-37179
- EPSS 0.21%
- Published 08.10.2024 04:15:06
- Last modified 14.11.2024 17:35:54
SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentia...
CVE-2023-40622
- EPSS 0.13%
- Published 12.09.2023 03:15:12
- Last modified 21.11.2024 08:19:50
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain conditions allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attac...
CVE-2023-37489
- EPSS 0.16%
- Published 12.09.2023 02:15:12
- Last modified 21.11.2024 08:11:49
Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no ...
CVE-2023-39440
- EPSS 0.03%
- Published 08.08.2023 01:15:20
- Last modified 21.11.2024 08:15:25
In SAP BusinessObjects Business Intelligence - version 420, if a user logs in to a particular program, under certain specific conditions memory might not be cleared properly, due to which an attacker might be able to get access to user credentials. ...
- EPSS 0.06%
- Published 08.08.2023 01:15:18
- Last modified 21.11.2024 08:11:49
SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious fi...
CVE-2023-36917
- EPSS 0.07%
- Published 11.07.2023 03:15:10
- Last modified 21.11.2024 08:10:55
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthorized attacker who had hijacked a user session to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change...
CVE-2023-30740
- EPSS 0.15%
- Published 09.05.2023 02:15:12
- Last modified 21.11.2024 08:00:48
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality, limit...
CVE-2023-30741
- EPSS 0.19%
- Published 09.05.2023 02:15:12
- Last modified 21.11.2024 08:00:48
Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to an untrusted site using a malicious link. On successful exploitation, an attacker can v...
- EPSS 0.19%
- Published 09.05.2023 02:15:12
- Last modified 21.11.2024 08:01:47
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could hav...