Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40623 | 1 Sap | 1 Businessobjects | 2023-12-10 | N/A | 7.1 HIGH |
| SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system. | |||||
| CVE-2023-28764 | 1 Sap | 1 Businessobjects | 2023-12-10 | N/A | 5.9 MEDIUM |
| SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system. | |||||
| CVE-2022-28214 | 1 Sap | 2 Businessobjects, Businessobjects Business Intelligence | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability. | |||||
| CVE-2019-0289 | 1 Sap | 1 Businessobjects | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
| Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2019-0303 | 1 Sap | 1 Businessobjects | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. This could be used by an attacker to build a special url that execute custom JavaScript code when the url is accessed. | |||||
| CVE-2019-0287 | 1 Sap | 1 Businessobjects | 2023-12-10 | 6.8 MEDIUM | 7.6 HIGH |
| Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2019-0259 | 1 Sap | 1 Businessobjects | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. | |||||
| CVE-2019-0251 | 1 Sap | 1 Businessobjects | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-2408 | 1 Sap | 1 Businessobjects | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
| Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active. | |||||
| CVE-2017-16683 | 1 Sap | 1 Businessobjects | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service. | |||||
| CVE-2015-7730 | 1 Sap | 3 Businessobjects, Businessobjects Edge, Businessobjects Xi | 2023-12-10 | 10.0 HIGH | N/A |
| SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108. | |||||
| CVE-2014-8309 | 1 Sap | 2 Businessobjects, Businessobjects Xi | 2023-12-10 | 5.0 MEDIUM | N/A |
| SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service. | |||||
| CVE-2014-3134 | 1 Sap | 1 Businessobjects | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-8311 | 1 Sap | 1 Businessobjects | 2023-12-10 | 3.5 LOW | N/A |
| SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. | |||||
| CVE-2014-8310 | 1 Sap | 1 Businessobjects | 2023-12-10 | 7.1 HIGH | N/A |
| The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. | |||||
| CVE-2014-8308 | 1 Sap | 1 Businessobjects | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-9387 | 1 Sap | 1 Businessobjects | 2023-12-10 | 10.0 HIGH | N/A |
| SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. | |||||
| CVE-2010-3981 | 1 Sap | 1 Businessobjects | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page. | |||||
| CVE-2010-3980 | 1 Sap | 1 Businessobjects | 2023-12-10 | 4.0 MEDIUM | N/A |
| Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI. | |||||
| CVE-2010-3982 | 1 Sap | 1 Businessobjects | 2023-12-10 | 5.0 MEDIUM | N/A |
| SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue. | |||||