Sap Businessobjects_business_intelligence
45 CVEs affecting Sap Businessobjects_business_intelligence. Latest disclosed: 2025-06-10. Critical: 4, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-40622 | Critical | 9.9 | 2023-09-12 | SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view… |
CVE-2023-28765 | Critical | 9.8 | 2023-04-11 | An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar f… |
CVE-2018-2445 | Critical | 9.6 | 2018-08-14 | AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted request… |
CVE-2023-28762 | Critical | 9.1 | 2023-05-09 | SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token o… |
CVE-2022-41203 | High | 8.8 | 2022-11-08 | In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept… |
CVE-2018-2442 | High | 8.8 | 2018-08-14 | In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details ca… |
CVE-2018-2427 | High | 8.8 | 2018-07-10 | SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attac… |
CVE-2025-23192 | High | 8.2 | 2025-06-10 | SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the vi… |
CVE-2022-32245 | High | 8.2 | 2022-08-10 | SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information pl… |
CVE-2019-0268 | High | 8.1 | 2019-03-12 | SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an… |
CVE-2022-28214 | High | 7.8 | 2022-05-11 | During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon… |
CVE-2024-37179 | High | 7.7 | 2024-10-08 | SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to… |
CVE-2023-37490 | High | 7.6 | 2023-08-08 | SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary… |
CVE-2018-2446 | High | 7.5 | 2018-08-14 | Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence l… |
CVE-2023-27896 | Medium | 6.5 | 2023-03-14 | In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to con… |
CVE-2019-0348 | Medium | 6.5 | 2019-08-14 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection, even if the quality… |
CVE-2019-0346 | Medium | 6.5 | 2019-08-14 | Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure of list o… |
CVE-2019-0333 | Medium | 6.5 | 2019-08-14 | In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can… |
CVE-2018-2473 | Medium | 6.5 | 2018-11-13 | SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker… |
CVE-2018-2447 | Medium | 6.5 | 2018-08-14 | SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS… |