Sap Se Sap Businessobjects Business Intelligence vulnerabilities

4 known vulnerabilities affecting sap_se/sap_businessobjects_business_intelligence.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2025-23192HIGHCVSS 7.6vENTERPRISE 430v2025+1 more2025-06-10
CVE-2025-23192 [HIGH] CWE-79 CVE-2025-23192: SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session information, modify or make browser information unavailable. Th
cvelistv5nvd
CVE-2023-37490CRITICALCVSS 9.0v420v4302023-08-08
CVE-2023-37490 [CRITICAL] CWE-427 CVE-2023-37490: SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the netw SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the confidentiality, integrity, and availability of the s
cvelistv5nvd
CVE-2023-39440MEDIUMCVSS 4.4v4302023-08-08
CVE-2023-39440 [MEDIUM] CWE-312 CVE-2023-39440: In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular progr In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker might be able to get access to user credentials. For a successful attack, the attacker needs to have local access to the system. There is no impact on
cvelistv5nvd
CVE-2023-23856MEDIUMCVSS 5.4v4302023-02-14
CVE-2023-23856 [MEDIUM] CWE-79 CVE-2023-23856: In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some c In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause a low imp
cvelistv5nvd