SAP Business Objects Business Intelligence Platform

< 420

OTHER 1 CVE

< 430

OTHER 1 CVE

4.30

MAJOR_MINOR 1 CVE

4.10

MAJOR_MINOR 1 CVE

4.20

MAJOR_MINOR 1 CVE

4.00

MAJOR_MINOR 1 CVE

< 4.2

OTHER 9 CVEs

< 4.1

OTHER 5 CVEs

4.2

MAJOR_MINOR 1 CVE

4.1

MAJOR_MINOR 1 CVE

< 4.3

OTHER 1 CVE

CVE-2020-6220

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active.

MEDIUM Jun 06, 2022

CVE-2022-24398

Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.

UNKNOWN Mar 08, 2022

CVE-2020-6294

Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.

HIGH Aug 12, 2020

CVE-2020-6269

Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

MEDIUM Jun 10, 2020

CVE-2020-6247

SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability.

MEDIUM May 12, 2020

CVE-2020-6245

SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers.

MEDIUM May 12, 2020

CVE-2020-6211

SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.

MEDIUM Apr 14, 2020

CVE-2020-6195

SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative rights to the attacker to read/modify delete the data and rights within the system.

MEDIUM Apr 14, 2020

CVE-2020-6237

Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

HIGH Apr 14, 2020

CVE-2020-6223

The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing.

MEDIUM Apr 14, 2020