CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-34684 – Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling)
https://notcve.org/view.php?id=CVE-2024-34684
11 Jun 2024 — On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read or modify the remote server files. En Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) permite que un atacante autenticado con acceso de administrador en el servidor local acceda a la contraseñ... • https://me.sap.com/notes/3441817 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-33004 – Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices)
https://notcve.org/view.php?id=CVE-2024-33004
14 May 2024 — SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application. SAP Business Objects Business Intelligence Platform es vulnerable al almacenamiento inseguro, ya que las páginas web dinámicas se almacenan en caché incluso des... • https://me.sap.com/notes/3449093 • CWE-524: Use of Cache Containing Sensitive Information CWE-922: Insecure Storage of Sensitive Information •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28165 – Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2024-28165
14 May 2024 — SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the application La plataforma SAP Business Objects Business Intelligence es vulnerable al XSS almacenado, lo que permite a un atacante manipular un parámetro en la URL de Opendocument, lo que podría tener un alto impacto en la confidencialidad y la integridad de la aplicación. • https://me.sap.com/notes/3431794 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40622 – Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management)
https://notcve.org/view.php?id=CVE-2023-40622
12 Sep 2023 — SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application causing high impact on confidentiality, integrity, and availability. SAP BusinessObjects Business Intelligence Platform (Promotion Management): las versiones 420, 430, bajo ciertas condiciones, permiten a un atacante... • https://me.sap.com/notes/3320355 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37489 – Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System)
https://notcve.org/view.php?id=CVE-2023-37489
12 Sep 2023 — Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity. Debido a la falta de validación, SAP BusinessObjects Business Intelligence Platform (Version Management System) - versión 403, permite que un usuario no autenticado lea el fragmento de código a través de la ... • https://me.sap.com/notes/3352453 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-37490 – Binary hijack in SAP BusinessObjects Business Intelligence (Installer)
https://notcve.org/view.php?id=CVE-2023-37490
08 Aug 2023 — SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the confidentiality, integrity, and availability of the system • https://me.sap.com/notes/3317710 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-36917 – Password Change rate limit bypass in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2023-36917
11 Jul 2023 — SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality. Although the attack has no impact on integrity loss or system availability, this could lead to an attacker to completely takeover a victim’s account. • https://me.sap.com/notes/3320702 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31406 – Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2023-31406
09 May 2023 — Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. • https://launchpad.support.sap.com/#/notes/3319400 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31404 – Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service)
https://notcve.org/view.php?id=CVE-2023-31404
09 May 2023 — Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could let them access data sources which would otherwise be restricted. Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker t... • https://launchpad.support.sap.com/#/notes/3038911 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-30741 – Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2023-30741
09 May 2023 — Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. • https://launchpad.support.sap.com/#/notes/3309935 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •