CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31598
https://notcve.org/view.php?id=CVE-2022-31598
12 Jul 2022 — Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. Debido a una insuficiente comprobación de entrada, SAP Business Objects - versión 420, permite que un atacante autenticado envíe una petición maliciosa mediante una operación permitida. En caso de... • https://launchpad.support.sap.com/#/notes/3213279 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32246
https://notcve.org/view.php?id=CVE-2022-32246
12 Jul 2022 — SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versiones 420, 430, permite a un atacante autenticado que tenga acceso a l... • https://launchpad.support.sap.com/#/notes/3203079 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6220
https://notcve.org/view.php?id=CVE-2020-6220
06 Jun 2022 — BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active. BI Launchpad y CMC en SAP Business Objects Business Intelligence Platform, versiones 4.1, 4.2, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS). La... • https://launchpad.support.sap.com/#/notes/2878507 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24398
https://notcve.org/view.php?id=CVE-2022-24398
08 Mar 2022 — Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. En determinadas condiciones, SAP Business Objects Business Intelligence Platform - versiones 420, 430, permite que un atacante autenticado acceda a información que de otro modo estaría restringida • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 5CVE-2010-2103 – Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-2103
27 May 2010 — Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en axis2-admin/axis2-adm... • https://www.exploit-db.com/exploits/12689 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 1CVE-2007-6254
https://notcve.org/view.php?id=CVE-2007-6254
20 Mar 2008 — Stack-based buffer overflow in the SAP Business Objects BusinessObjects RptViewerAX ActiveX control in RptViewerAX.dll in Business Objects 6.5 before CHF74 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en pila en el control ActiveX SAP Business Objects BusinessObjects RptViewerAX en RptViewerAX.dll de Business Objects 6.5 anterior a CHF74 permite a atacantes remotos ejecutar código de su elección utilizando vectores no especificados. • http://secunia.com/advisories/29437 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •