Note: This project will be discontinued after December 13, 2021.
Product: Businessobjects (Sap)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 23 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-04-10 | CVE-2018-2408 | Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of a password change for a user, all other active sessions created using the older password continue to be active. | Businessobjects | 7.3 | ||
2019-06-14 | CVE-2019-0303 | SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitization. This could be used by an attacker to build a special URL that executes custom JavaScript code when the URL is accessed. | Businessobjects | 6.1 | ||
2019-05-14 | CVE-2019-0289 | Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | Businessobjects | 7.1 | ||
2019-05-14 | CVE-2019-0287 | Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. | Businessobjects | 7.6 | ||
2019-02-15 | CVE-2019-0259 | SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. | Businessobjects | 9.8 | ||
2019-02-15 | CVE-2019-0251 | The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | Businessobjects | 6.1 | ||
2017-12-12 | CVE-2017-16683 | Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service. | Businessobjects | 6.5 | ||
2015-10-15 | CVE-2015-7730 | SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108. | Businessobjects, Businessobjects_edge, Businessobjects_xi | N/A | ||
2014-12-17 | CVE-2014-9387 | SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. | Businessobjects | N/A | ||
2014-10-16 | CVE-2014-8311 | SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. | Businessobjects | N/A | ||