CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41730 – Missing Authentication check in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2024-41730
13 Aug 2024 — In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on confidentiality, integrity and availability. In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully comprom... • https://me.sap.com/notes/3479478 • CWE-862: Missing Authorization •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-34684 – Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling)
https://notcve.org/view.php?id=CVE-2024-34684
11 Jun 2024 — On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read or modify the remote server files. En Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) permite que un atacante autenticado con acceso de administrador en el servidor local acceda a la contraseñ... • https://me.sap.com/notes/3441817 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-33004 – Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices)
https://notcve.org/view.php?id=CVE-2024-33004
14 May 2024 — SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application. SAP Business Objects Business Intelligence Platform es vulnerable al almacenamiento inseguro, ya que las páginas web dinámicas se almacenan en caché incluso des... • https://me.sap.com/notes/3449093 • CWE-524: Use of Cache Containing Sensitive Information CWE-922: Insecure Storage of Sensitive Information •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28165 – Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2024-28165
14 May 2024 — SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the application La plataforma SAP Business Objects Business Intelligence es vulnerable al XSS almacenado, lo que permite a un atacante manipular un parámetro en la URL de Opendocument, lo que podría tener un alto impacto en la confidencialidad y la integridad de la aplicación. • https://me.sap.com/notes/3431794 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •