Product: Businessobjects_business_intelligence_platform (Sap)

Repositories: Unknown. This might be proprietary software.

Vulnerabilities: 58
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-09-14 | CVE-2021-33679 | The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in their session, hence allowing the attacker to compromise their confidentiality and integrity. | Businessobjects_business_intelligence_platform | 5.4 | | |
| 2020-02-12 | CVE-2020-6189 | Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure. | Businessobjects_business_intelligence_platform | 5.3 | | |
| 2020-04-14 | CVE-2020-6227 | SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing to forge additional entries in GLF log files. | Businessobjects_business_intelligence_platform | 7.5 | | |
| 2020-04-14 | CVE-2020-6237 | Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | Businessobjects_business_intelligence_platform | 7.5 | | |
| 2020-04-14 | CVE-2020-6195 | SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and if password is known, it would give administrative rights to the attacker to read/modify/delete the data and rights within the system. | Businessobjects_business_intelligence_platform | 9.8 | | |
| 2020-05-12 | CVE-2020-6247 | SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability. | Businessobjects_business_intelligence_platform | 7.5 | | |
| 2020-05-12 | CVE-2020-6251 | Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted. | Businessobjects_business_intelligence_platform | 6.5 | | |
| 2020-06-10 | CVE-2020-6269 | Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | Businessobjects_business_intelligence_platform | 6.5 | | |
| 2020-12-09 | CVE-2020-26831 | SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation. An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS). | Businessobjects_business_intelligence_platform | 9.6 | | |
| 2020-10-20 | CVE-2020-6308 | SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable... | Businessobjects_business_intelligence_platform | 5.3 | | |