SAP BusinessObjects Business Intelligence Platform

4.10

MAJOR_MINOR 2 CVEs

420

SINGLE_NUMBER 1 CVE

4.20

MAJOR_MINOR 2 CVEs

= 4.1

OTHER 1 CVE

4.2

MAJOR_MINOR 1 CVE

= 4.2

OTHER 1 CVE

4.1

MAJOR_MINOR 1 CVE

CVE-2023-0015

In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.

MEDIUM Jan 10, 2023

CVE-2018-2483

HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method.

UNKNOWN Nov 13, 2018

CVE-2018-2471

Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted.

UNKNOWN Oct 09, 2018

CVE-2018-2472

SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

UNKNOWN Oct 09, 2018

CVE-2018-2445

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.

UNKNOWN Aug 14, 2018