CVE-2022-32245
- EPSS 0.6%
- Published 10.08.2022 20:15:47
- Last modified 21.11.2024 07:06:00
SAP BusinessObjects Business Intelligence Platform (Open Document), versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information in plain text over the network. On successful exploitation, the attacker can view any data avail...
CVE-2022-28214
- EPSS 0.03%
- Published 11.05.2022 15:15:09
- Last modified 21.11.2024 06:56:57
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidential...
CVE-2021-33697
- EPSS 0.24%
- Published 15.09.2021 19:15:09
- Last modified 21.11.2024 06:09:23
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
CVE-2021-33696
- EPSS 0.16%
- Published 15.09.2021 19:15:09
- Last modified 21.11.2024 06:09:23
SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions 420, 430, does not sufficiently encode user-controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or m...
CVE-2021-21444
- EPSS 0.17%
- Published 09.02.2021 21:15:13
- Last modified 21.11.2024 05:48:23
SAP Business Objects BI Platform, versions 410, 420, 430, allows multiple X-Frame-Options header entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options h...
CVE-2021-21447
- EPSS 0.26%
- Published 12.01.2021 15:15:14
- Last modified 21.11.2024 05:48:23
SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject a malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by a user who views the relevant...
CVE-2019-0348
- EPSS 0.13%
- Published 14.08.2019 14:15:16
- Last modified 21.11.2024 04:16:43
SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access the database over an unencrypted connection, even if the quality of protection should be encrypted.
CVE-2019-0346
- EPSS 0.18%
- Published 14.08.2019 14:15:16
- Last modified 21.11.2024 04:16:43
Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure of the list of user names and roles imported from SAP NetWeaver BI systems, resulting in Information Dis...
CVE-2019-0335
- EPSS 0.28%
- Published 14.08.2019 14:15:15
- Last modified 21.11.2024 04:16:42
Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user account. The payload is triggered...
CVE-2019-0334
- EPSS 0.26%
- Published 14.08.2019 14:15:15
- Last modified 21.11.2024 04:16:42
When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via sessio...