Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Business_objects_business_intelligence_platform
(Sap)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-08-13 | CVE-2024-28166 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. | Business_objects_business_intelligence_platform | 4.3 | ||
| 2024-08-13 | CVE-2024-41730 | In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on confidentiality, integrity and availability. | Business_objects_business_intelligence_platform | 9.8 | ||
| 2024-08-13 | CVE-2024-42375 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. | Business_objects_business_intelligence_platform | 4.3 | ||
| 2024-08-13 | CVE-2024-41731 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. | Business_objects_business_intelligence_platform | 4.3 | ||
| 2023-12-12 | CVE-2023-42478 | SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application. | Business_objects_business_intelligence_platform | 7.6 | ||
| 2022-12-12 | CVE-2022-31596 | Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS's scope and impact the database. A successful attack could have a low impact on confidentiality, a high... | Business_objects_business_intelligence_platform | 6.0 | ||
| 2023-02-14 | CVE-2023-23856 | In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause a low impact on integrity of the application. | Business_objects_business_intelligence_platform | 5.4 | ||
| 2022-10-11 | CVE-2022-39013 | Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application. | Business_objects_business_intelligence_platform | 7.6 |