Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
sap_se

SAP BusinessObjects Business Intelligence Platform

7 Versions 15 CVEs

Versions

420

SINGLE_NUMBER 4 CVEs

4.20

MAJOR_MINOR 1 CVE

ENTERPRISE 430

OTHER 5 CVEs

440

SINGLE_NUMBER 3 CVEs

2025

SINGLE_NUMBER 6 CVEs

ENTERPRISE 420

OTHER 3 CVEs

430

SINGLE_NUMBER 10 CVEs

Recent CVEs

CVE-2024-32732

Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted.This has low impact on Confidentiality with no impact on Integrity and Availability of the application.

MEDIUM Dec 10, 2024

CVE-2024-41731

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.

LOW Aug 13, 2024

CVE-2024-28166

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.

LOW Aug 13, 2024

CVE-2024-42375

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.

MEDIUM Aug 13, 2024

CVE-2024-28165

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the application

HIGH May 14, 2024

CVE-2023-36917

SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality. Although the attack has no impact on integrity loss or system availability, this could lead to an attacker to completely takeover a victim’s account.

MEDIUM Jul 11, 2023

CVE-2023-31406

Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

MEDIUM May 09, 2023

CVE-2023-30741

Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

MEDIUM May 09, 2023

CVE-2023-30740

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality, limited impact on integrity and availability of the application.

MEDIUM May 09, 2023

CVE-2023-0020

SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality and limited impact on integrity of the application.

HIGH Feb 14, 2023