Sap Businessobjects_business_intelligence

45 CVEs affecting Sap Businessobjects_business_intelligence. Latest disclosed: 2025-06-10. Critical: 4, High: 10.

Top CVEs affecting Sap Businessobjects_business_intelligence
CVESeverityScorePublishedSummary
CVE-2023-40622Critical9.92023-09-12SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view…
CVE-2023-28765Critical9.82023-04-11An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar f…
CVE-2018-2445Critical9.62018-08-14AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted request…
CVE-2023-28762Critical9.12023-05-09SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token o…
CVE-2022-41203High8.82022-11-08In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept…
CVE-2018-2442High8.82018-08-14In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details ca…
CVE-2018-2427High8.82018-07-10SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attac…
CVE-2025-23192High8.22025-06-10SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the vi…
CVE-2022-32245High8.22022-08-10SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information pl…
CVE-2019-0268High8.12019-03-12SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an…
CVE-2022-28214High7.82022-05-11During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon…
CVE-2024-37179High7.72024-10-08SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to…
CVE-2023-37490High7.62023-08-08SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary…
CVE-2018-2446High7.52018-08-14Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence l…
CVE-2023-27896Medium6.52023-03-14In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to con…
CVE-2019-0348Medium6.52019-08-14SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection, even if the quality…
CVE-2019-0346Medium6.52019-08-14Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure of list o…
CVE-2019-0333Medium6.52019-08-14In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can…
CVE-2018-2473Medium6.52018-11-13SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker…
CVE-2018-2447Medium6.52018-08-14SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS…