Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Business_objects_business_intelligence_platform
(Sap)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-08-13 | CVE-2024-28166 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. | Business_objects_business_intelligence_platform | 4.3 | ||
| 2024-08-13 | CVE-2024-41731 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. | Business_objects_business_intelligence_platform | 4.3 | ||
| 2024-08-13 | CVE-2024-42375 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. | Business_objects_business_intelligence_platform | 4.3 | ||
| 2022-03-10 | CVE-2022-24398 | Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. | Business_objects_business_intelligence_platform | 6.5 | ||
| 2022-06-06 | CVE-2020-6220 | BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active. | Business_objects_business_intelligence_platform | 4.7 | ||
| 2022-07-12 | CVE-2022-31598 | Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | Business_objects_business_intelligence_platform | 5.4 | ||
| 2022-07-12 | CVE-2022-32246 | SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application | Business_objects_business_intelligence_platform | 4.6 | ||
| 2022-10-11 | CVE-2022-39013 | Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application. | Business_objects_business_intelligence_platform | 7.6 |