SAP SE SAP BusinessObjects Business Intelligence Platform
22 CVEs affecting SAP SE SAP BusinessObjects Business Intelligence Platform. Latest disclosed: 2026-05-12. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-41730 | Critical | 9.8 | 2024-08-13 | In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token… |
| CVE-2025-0061 | High | 8.7 | 2025-01-14 | SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interactio… |
| CVE-2023-0020 | High | 8.5 | 2023-02-14 | SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise res… |
| CVE-2024-28165 | High | 8.1 | 2024-05-14 | SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which c… |
| CVE-2026-0508 | High | 7.3 | 2026-02-10 | The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Up… |
| CVE-2025-31332 | Medium | 6.6 | 2025-04-08 | Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system could modify files poten… |
| CVE-2025-0060 | Medium | 6.5 | 2025-01-14 | SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive inf… |
| CVE-2023-30740 | Medium | 6.3 | 2023-05-09 | SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise res… |
| CVE-2023-31406 | Medium | 6.1 | 2023-05-09 | Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect us… |
| CVE-2023-30741 | Medium | 6.1 | 2023-05-09 | Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect us… |
| CVE-2023-36917 | Medium | 5.9 | 2023-07-11 | SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass th… |
| CVE-2024-45281 | Medium | 5.8 | 2024-09-10 | SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally s… |
| CVE-2026-0502 | Medium | 5.4 | 2026-05-12 | Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform, an authenticated user could be tricked by an attacker to send uninte… |
| CVE-2025-42896 | Medium | 5.4 | 2025-12-09 | SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the lo… |
| CVE-2024-32732 | Medium | 5.3 | 2024-12-10 | Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted. This h… |
| CVE-2025-0062 | Medium | 4.7 | 2025-03-11 | SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the… |
| CVE-2024-42375 | Medium | 4.3 | 2024-08-13 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by th… |
| CVE-2026-24318 | Medium | 4.2 | 2026-04-14 | Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid sess… |
| CVE-2026-27683 | Medium | 4.1 | 2026-04-14 | SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a vic… |
| CVE-2024-28166 | Low | 3.7 | 2024-08-13 | SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by th… |