Sap Businessobjects Business Intelligence Platform vulnerabilities
6 known vulnerabilities affecting sap/sap_businessobjects_business_intelligence_platform.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2023-0015MEDIUMCVSS 5.4v4202023-01-10
CVE-2023-0015 [MEDIUM] CWE-79 CVE-2023-0015: In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 42
In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause li
nvd
CVE-2018-2483MEDIUMCVSS 4.3v= 4.1v= 4.22018-11-13
CVE-2018-2483 [MEDIUM] CWE-287 CVE-2018-2483: HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1
HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method.
nvd
CVE-2018-2479MEDIUMCVSS 6.1v= 4.1v= 4.22018-11-13
CVE-2018-2479 [MEDIUM] CWE-79 CVE-2018-2479: SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not suf
SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
nvd
CVE-2018-2471HIGHCVSS 7.5v4.10v4.202018-10-09
CVE-2018-2471 [HIGH] CVE-2018-2471: Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted.
nvd
CVE-2018-2472MEDIUMCVSS 6.1v4.10v4.202018-10-09
CVE-2018-2472 [MEDIUM] CWE-79 CVE-2018-2472: SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) doe
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
nvd
CVE-2018-2445CRITICALCVSS 9.6v4.1v4.22018-08-14
CVE-2018-2445 [CRITICAL] CWE-918 CVE-2018-2445: AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to ma
AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.
nvd