Sap Business_objects_business_intelligence_platform

18 CVEs affecting Sap Business_objects_business_intelligence_platform. Latest disclosed: 2024-08-13. Critical: 4, High: 2.

Top CVEs affecting Sap Business_objects_business_intelligence_platform
CVESeverityScorePublishedSummary
CVE-2023-25616Critical9.92023-03-14In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerabil…
CVE-2022-41267Critical9.92022-12-13SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server…
CVE-2024-41730Critical9.82024-08-13In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token…
CVE-2023-25617Critical9.02023-03-14SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled…
CVE-2022-39013High7.62022-10-11Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system dat…
CVE-2023-42478High7.52023-12-12SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when open…
CVE-2022-39015Medium6.52022-10-11Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.
CVE-2022-24398Medium6.52022-03-10Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which…
CVE-2022-31596Medium6.02022-12-12Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intel…
CVE-2022-31598Medium5.42022-07-12Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed ope…
CVE-2020-6220Medium4.72022-06-06BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting…
CVE-2023-0015Medium4.62023-01-10In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the he…
CVE-2022-32246Medium4.62022-07-12SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI a…
CVE-2024-42375Medium4.32024-08-13SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by th…
CVE-2023-23856Medium4.32023-02-14In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of t…
CVE-2022-41263Medium4.32022-12-12Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-…
CVE-2024-28166Low3.72024-08-13SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by th…
CVE-2024-41731Low3.12024-08-13SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the ap…