Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Businessobjects_business_intelligence
(Sap)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 44 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-08-14 | CVE-2019-0334 | When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting. | Businessobjects_business_intelligence | 5.4 | ||
| 2019-08-14 | CVE-2019-0332 | SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability. | Businessobjects_business_intelligence | 6.1 | ||
| 2019-07-10 | CVE-2019-0326 | SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | Businessobjects_business_intelligence | 6.1 | ||
| 2019-03-12 | CVE-2019-0269 | SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | Businessobjects_business_intelligence | 5.4 | ||
| 2019-03-12 | CVE-2019-0268 | SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source. | Businessobjects_business_intelligence | 8.1 | ||
| 2018-08-14 | CVE-2018-2447 | SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database. | Businessobjects_business_intelligence | 6.5 | ||
| 2018-08-14 | CVE-2018-2445 | AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability. | Businessobjects_business_intelligence | 9.6 | ||
| 2018-08-14 | CVE-2018-2442 | In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid. | Businessobjects_business_intelligence, Internet_graphics_server | 8.8 | ||
| 2018-07-10 | CVE-2018-2431 | SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | Businessobjects_business_intelligence | 6.1 | ||
| 2018-07-10 | CVE-2018-2427 | SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. | Businessobjects_business_intelligence, Crystal_reports | 8.8 |