CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-37179 – Insecure File Operations vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
https://notcve.org/view.php?id=CVE-2024-37179
08 Oct 2024 — SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application. • https://me.sap.com/notes/3478615 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-25646 – Information Disclosure vulnerability in SAP BusinessObjects Web Intelligence
https://notcve.org/view.php?id=CVE-2024-25646
09 Apr 2024 — Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application. Debido a una validación incorrecta, SAP BusinessObject Business Intelligence Launch Pad permite que un atacante autenticado acceda a información del sistema operativo mediante un documento manipulado. Una explotación exitosa podría t... • https://me.sap.com/notes/3421384 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42476 – Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence
https://notcve.org/view.php?id=CVE-2023-42476
12 Dec 2023 — SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, attacker could access data from reporting databases. SAP Business Objects Web Intelligence: versión 420, permite a un atacante autenticado inyectar código JavaScript en docum... • https://me.sap.com/notes/3382353 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42474 – Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Web Intelligence
https://notcve.org/view.php?id=CVE-2023-42474
10 Oct 2023 — SAP BusinessObjects Web Intelligence - version 420, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information. SAP BusinessObjects Web Intelligence - versión 420, tiene una URL con un parámetro que podría ser vulnerable a un ataque XSS. El atacante podría enviar un enlace malicioso a un usuario que posiblemente le permitiría recuperar información confidencial. • https://me.sap.com/notes/3372991 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22546
https://notcve.org/view.php?id=CVE-2022-22546
09 Feb 2022 — Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) - version 420. Debido a una codificación HTML inapropiada en el resumen del control de entrada, un atacante autorizado puede ejecutar una vulnerabilidad de tipo XSS en SAP Business Objects Web Intelligence (BI Launchpad) - versión 420 • https://launchpad.support.sap.com/#/notes/3126748 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-33667
https://notcve.org/view.php?id=CVE-2021-33667
14 Jul 2021 — Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted. Bajo determinadas condiciones, SAP Business Objects Web Intelligence (BI Launchpad) versiones 420 y 430, permiten a un atacante acceder al código fuente jsp, mediante llamadas al SDK, del paquete Analytical Reporting, una parte de la aplicaci... • https://launchpad.support.sap.com/#/notes/3044751 •