SAP Business Objects Business Intelligence Platform
18 CVEs affecting SAP Business Objects Business Intelligence Platform. Latest disclosed: 2024-08-13. Critical: 4, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-25616 | Critical | 9.9 | 2023-03-14 | In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerabil… |
| CVE-2022-41267 | Critical | 9.9 | 2022-12-13 | SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server… |
| CVE-2024-41730 | Critical | 9.8 | 2024-08-13 | In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token… |
| CVE-2023-25617 | Critical | 9.0 | 2023-03-14 | SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled… |
| CVE-2022-39013 | High | 7.6 | 2022-10-11 | Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system dat… |
| CVE-2023-42478 | High | 7.5 | 2023-12-12 | SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when open… |
| CVE-2022-39015 | Medium | 6.5 | 2022-10-11 | Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. |
| CVE-2022-24398 | Medium | 6.5 | 2022-03-10 | Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which… |
| CVE-2022-31596 | Medium | 6.0 | 2022-12-12 | Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intel… |
| CVE-2022-31598 | Medium | 5.4 | 2022-07-12 | Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed ope… |
| CVE-2020-6220 | Medium | 4.7 | 2022-06-06 | BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting… |
| CVE-2023-0015 | Medium | 4.6 | 2023-01-10 | In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the he… |
| CVE-2022-32246 | Medium | 4.6 | 2022-07-12 | SAP Business Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI a… |
| CVE-2024-42375 | Medium | 4.3 | 2024-08-13 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by th… |
| CVE-2023-23856 | Medium | 4.3 | 2023-02-14 | In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of t… |
| CVE-2022-41263 | Medium | 4.3 | 2022-12-12 | Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-… |
| CVE-2024-28166 | Low | 3.7 | 2024-08-13 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by th… |
| CVE-2024-41731 | Low | 3.1 | 2024-08-13 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the ap… |