CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31332 – Insecure File permissions vulnerability in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2025-31332
08 Apr 2025 — Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system could modify files potentially disrupting operations or cause service downtime hence leading to a high impact on integrity and availability. However, this vulnerability does not disclose any sensitive data. Debido a la falta de seguridad en los permisos de archivo de SAP BusinessObjects Business Intelligence Platform, un atacante con acceso local al sistema podría modificar ... • https://me.sap.com/notes/3565751 • CWE-277: Insecure Inherited Permissions •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25245 – Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
https://notcve.org/view.php?id=CVE-2025-25245
11 Mar 2025 — SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On successful exploitation, there could be a limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability. • https://me.sap.com/notes/3557469 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0062 – Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
https://notcve.org/view.php?id=CVE-2025-0062
11 Mar 2025 — SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability. This vulnerability occurs only when script/html execution is enabled by the administrator in Central Manag... • https://me.sap.com/notes/3557459 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0064 – Improper Authorization in SAP BusinessObjects Business Intelligence platform (Central Management Console)
https://notcve.org/view.php?id=CVE-2025-0064
11 Feb 2025 — Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high impact on confidentiality and integrity, with no impact on availability. • https://me.sap.com/notes/3525794 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0061 – Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2025-0061
14 Jan 2025 — SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. Attacker can access and modify all the data of the application. • https://me.sap.com/notes/3474398 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0060 – Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2025-0060
14 Jan 2025 — SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this information to impersonate as a high privileged user causing high impact on confidentiality and integrity of the application. • https://me.sap.com/notes/3474398 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32732 – Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform
https://notcve.org/view.php?id=CVE-2024-32732
10 Dec 2024 — Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted.This has low impact on Confidentiality with no impact on Integrity and Availability of the application. • https://me.sap.com/notes/3524933 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-37179 – Insecure File Operations vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
https://notcve.org/view.php?id=CVE-2024-37179
08 Oct 2024 — SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application. • https://me.sap.com/notes/3478615 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45281 – DLL hijacking vulnerability in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2024-45281
10 Sep 2024 — SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application. • https://me.sap.com/notes/3425287 • CWE-426: Untrusted Search Path •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41731 – Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2024-41731
13 Aug 2024 — SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the ... • https://me.sap.com/notes/3433545 • CWE-434: Unrestricted Upload of File with Dangerous Type •