CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25245 – Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
https://notcve.org/view.php?id=CVE-2025-25245
11 Mar 2025 — SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On successful exploitation, there could be a limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability. • https://me.sap.com/notes/3557469 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-37179 – Insecure File Operations vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
https://notcve.org/view.php?id=CVE-2024-37179
08 Oct 2024 — SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application. • https://me.sap.com/notes/3478615 • CWE-434: Unrestricted Upload of File with Dangerous Type •