
CVSS: 8.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Feb 2025 — Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high impact on confidentiality and integrity, with no impact on availability. • https://me.sap.com/notes/3525794 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.7 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Jan 2025 — SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. An attacker can access and modify all the data of the application. • https://me.sap.com/notes/3474398 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVSS: 7.7 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Jan 2025 — SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this information to impersonate a high-privileged user, causing high impact on confidentiality and integrity of the application. • https://me.sap.com/notes/3474398 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Dec 2024 — Under certain conditions, SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted. This has low impact on Confidentiality with no impact on Integrity and Availability of the application. • https://me.sap.com/notes/3524933 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVSS: 7.7 • EPSS: 0% • CPEs: 3 • EXPL: 0

08 Oct 2024 — SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application. • https://me.sap.com/notes/3478615 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Sep 2024 — SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application. • https://me.sap.com/notes/3425287 • CWE-426: Untrusted Search Path •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Aug 2024 — SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. • https://me.sap.com/notes/3433545 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Aug 2024 — SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. • https://me.sap.com/notes/3433545 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Aug 2024 — SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. • https://me.sap.com/notes/3433545 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

13 Aug 2024 — In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on confidentiality, integrity and availability. • https://me.sap.com/notes/3479478 • CWE-862: Missing Authorization •