CVE-2023-23856
- EPSS 0.22%
- Published 14.02.2023 04:15:11
- Last modified 21.11.2024 07:46:58
In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intellige...
CVE-2023-0015
- EPSS 0.35%
- Published 10.01.2023 04:15:09
- Last modified 21.11.2024 07:36:23
In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web ...
CVE-2022-41267
- EPSS 0.25%
- Published 13.12.2022 03:15:09
- Last modified 21.11.2024 07:22:56
SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system cau...
CVE-2022-41263
- EPSS 0.12%
- Published 12.12.2022 22:15:10
- Last modified 21.11.2024 07:22:56
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwi...
- EPSS 0.23%
- Published 12.12.2022 04:15:09
- Last modified 22.04.2025 18:15:52
Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retri...
CVE-2022-39015
- EPSS 0.37%
- Published 11.10.2022 21:15:14
- Last modified 21.11.2024 07:17:22
Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.
CVE-2022-39013
- EPSS 0.24%
- Published 11.10.2022 21:15:13
- Last modified 21.11.2024 07:17:22
Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact ...
CVE-2022-32246
- EPSS 0.37%
- Published 12.07.2022 21:15:10
- Last modified 21.11.2024 07:06:00
SAP Business Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful e...
CVE-2022-31598
- EPSS 0.11%
- Published 12.07.2022 21:15:10
- Last modified 21.11.2024 07:04:49
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a li...
CVE-2020-6220
- EPSS 0.15%
- Published 06.06.2022 20:15:07
- Last modified 21.11.2024 05:35:19
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in v...