Sap Businessobjects Business Intelligence Platform vulnerabilities

CVE-2023-0015 [MEDIUM] CWE-79 CVE-2023-0015: In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 42 In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause li

CVE-2018-2483 [MEDIUM] CWE-287 CVE-2018-2483: HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method.

CVE-2018-2471 [HIGH] CVE-2018-2471: Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted.

CVE-2018-2472 [MEDIUM] CWE-79 CVE-2018-2472: SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) doe SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

CVE-2018-2445 [CRITICAL] CWE-918 CVE-2018-2445: AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to ma AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.