43 results (0.005 seconds)

CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 0

SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application. • https://me.sap.com/notes/3478615 https://url.sap/sapsecuritypatchday • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application. • https://me.sap.com/notes/3425287 https://url.sap/sapsecuritypatchday • CWE-426: Untrusted Search Path •

CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. • https://me.sap.com/notes/3433545 https://url.sap/sapsecuritypatchday • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 3.7EPSS: 0%CPEs: 3EXPL: 0

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. • https://me.sap.com/notes/3433545 https://url.sap/sapsecuritypatchday • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. • https://me.sap.com/notes/3433545 https://url.sap/sapsecuritypatchday • CWE-434: Unrestricted Upload of File with Dangerous Type •