CVE-2025-23185
- EPSS 0.05%
- Published 11.03.2025 01:15:34
- Last modified 11.03.2025 01:15:34
Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has ac...
CVE-2024-45281
- EPSS 0.03%
- Published 10.09.2024 05:15:12
- Last modified 10.09.2024 12:09:50
SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnera...
CVE-2024-42375
- EPSS 0.51%
- Published 13.08.2024 04:15:10
- Last modified 10.12.2024 07:15:06
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Int...
CVE-2024-41731
- EPSS 0.51%
- Published 13.08.2024 04:15:08
- Last modified 10.12.2024 07:15:06
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity...
CVE-2024-41730
- EPSS 15.34%
- Published 13.08.2024 04:15:08
- Last modified 12.09.2024 13:56:51
In SAP BusinessObjects Business Intelligence Platform, if Single Sign-On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impac...
CVE-2024-28166
- EPSS 0.51%
- Published 13.08.2024 04:15:06
- Last modified 10.12.2024 07:15:04
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Int...
CVE-2024-28165
- EPSS 0.49%
- Published 14.05.2024 16:16:43
- Last modified 21.11.2024 09:05:56
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL, which could lead to high impact on Confidentiality and Integrity of the application.
CVE-2023-42478
- EPSS 0.05%
- Published 12.12.2023 01:15:10
- Last modified 21.11.2024 08:22:38
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.
CVE-2023-25617
- EPSS 2.24%
- Published 14.03.2023 05:15:29
- Last modified 21.11.2024 07:49:50
SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management...
CVE-2023-25616
- EPSS 0.47%
- Published 14.03.2023 05:15:29
- Last modified 21.11.2024 07:49:50
In some scenarios, Program Object execution in SAP Business Objects Business Intelligence Platform (CMC), versions 420 and 430, can lead to a code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra pri...