SAP

Businessobjects Business Intelligence

45 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2023-31406

  • EPSS 0.25%
  • Published 09.05.2023 02:15:12
  • Last modified 21.11.2024 08:01:47

Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can v...

7.2

CVE-2023-28762

  • EPSS 0.15%
  • Published 09.05.2023 01:15:08
  • Last modified 21.11.2024 07:55:57

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can imp...

9.8

CVE-2023-28765

  • EPSS 10.1%
  • Published 11.04.2023 03:15:07
  • Last modified 21.11.2024 07:55:57

An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s password...

7.5

CVE-2023-27896

  • EPSS 0.14%
  • Published 14.03.2023 06:15:12
  • Last modified 21.11.2024 07:53:39

In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability.

5.3

CVE-2023-27894

  • EPSS 0.18%
  • Published 14.03.2023 06:15:12
  • Last modified 21.11.2024 07:53:39

SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On success...

8.8

CVE-2022-41203

  • EPSS 1.02%
  • Published 08.11.2022 22:15:17
  • Last modified 21.11.2024 07:22:49

In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized obje...

5.4

CVE-2022-41206

  • EPSS 0.96%
  • Published 11.10.2022 21:15:26
  • Last modified 20.05.2025 15:15:48

SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful ...

6.1

CVE-2022-39800

  • EPSS 3.39%
  • Published 11.10.2022 21:15:14
  • Last modified 21.11.2024 07:18:16

SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker c...

4.9

CVE-2022-35296

  • EPSS 0.35%
  • Published 11.10.2022 21:15:13
  • Last modified 21.11.2024 07:11:04

Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access ...

5.2

CVE-2022-32244

  • EPSS 0.18%
  • Published 13.09.2022 20:15:09
  • Last modified 21.11.2024 07:06:00

Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can't make the system unavailable. This needs the attacker to have high privi...