Sap Se Sap Business Objects Business Intelligence Platform vulnerabilities

CVE-2025-42988 [LOW] CWE-918 CVE-2025-42988: Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthentica Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable the researcher to cause SSRF. It has no impact on integrity and availability of the application.

CVE-2025-23185 [MEDIUM] CWE-209 CVE-2025-23185: Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical det Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access to this disclosed information, and they could use it to craft further exploits. There is no impa

CVE-2020-6220 [MEDIUM] CWE-79 CVE-2020-6220: BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active.

CVE-2022-24398 [MEDIUM] CWE-200 CVE-2022-24398: Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, al Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.

CVE-2020-6294 [CRITICAL] CWE-306 CVE-2020-6294: Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix d Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.

CVE-2020-6269 [MEDIUM] CVE-2020-6269: Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

CVE-2020-6247 [HIGH] CVE-2020-6247: SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability.

CVE-2020-6245 [MEDIUM] CWE-99 CVE-2020-6245: SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers.

CVE-2020-6195 [CRITICAL] CWE-319 CVE-2020-6195: SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext passwor SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative rights to the attacker to read/modify delete the data and rights within the s

CVE-2020-6237 [HIGH] CVE-2020-6237: Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dsw Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

CVE-2020-6218 [MEDIUM] CVE-2020-6218: Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to access information that should otherwise be restricted, leading to Information Disclosure.

CVE-2020-6211 [MEDIUM] CWE-601 CVE-2020-6211: SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attac SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.

CVE-2020-6223 [MEDIUM] CWE-601 CVE-2020-6223: The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing.

CVE-2018-2397 [MEDIUM] CWE-79 CVE-2018-2397: In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Manageme In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.