Skip to main content

Business Objects Business Intelligence Platform

17 CVEs product

Monthly

CVE-2024-42375 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-41731 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-41730 CRITICAL Act Now

In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Business Objects Business Intelligence Platform
NVD
CVSS 3.1
9.8
EPSS
75.9%
CVE-2024-28166 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-42478 HIGH This Week

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Business Objects Business Intelligence Platform
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2023-25617 PyPI HIGH This Week

SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Java Command Injection Business Objects Business Intelligence Platform
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-25616 HIGH This Week

In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Code Injection Business Objects Business Intelligence Platform
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-23856 MEDIUM This Month

In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Business Objects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-0015 MEDIUM This Month

In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Business Objects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-41267 HIGH This Week

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-41263 MEDIUM This Month

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP CSRF Authentication Bypass Business Objects Business Intelligence Platform
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-31596 MEDIUM This Month

Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) -. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Objects Business Intelligence Platform
NVD
CVSS 3.1
6.0
EPSS
0.7%
CVE-2022-39015 MEDIUM This Month

Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Business Objects Business Intelligence Platform
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-39013 HIGH This Week

Under certain conditions an authenticated attacker can get access to OS credentials. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Business Objects Business Intelligence Platform
NVD
CVSS 3.1
7.6
EPSS
0.6%
CVE-2022-32246 MEDIUM This Month

SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Business Objects Business Intelligence Platform
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2022-31598 MEDIUM This Month

Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Objects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-24398 MEDIUM This Month

Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Objects Business Intelligence Platform
NVD
CVSS 3.1
6.5
EPSS
0.8%
EPSS 0% CVSS 4.3
MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
EPSS 76% CVSS 9.8
CRITICAL Act Now

In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Business Objects Business Intelligence Platform
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
EPSS 1% CVSS 7.6
HIGH This Week

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Business Objects Business Intelligence Platform
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Java Command Injection +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Code Injection Business Objects Business Intelligence Platform
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Business Objects Business Intelligence Platform
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Business Objects Business Intelligence Platform
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Objects Business Intelligence Platform
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP CSRF Authentication Bypass +1
NVD
EPSS 1% CVSS 6.0
MEDIUM This Month

Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) -. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Objects Business Intelligence Platform
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Business Objects Business Intelligence Platform
NVD
EPSS 1% CVSS 7.6
HIGH This Week

Under certain conditions an authenticated attacker can get access to OS credentials. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Business Objects Business Intelligence Platform
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Business Objects Business Intelligence Platform
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Objects Business Intelligence Platform
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Business Objects Business Intelligence Platform
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy