Sap Business Objects Business Intelligence Platform — known CVE vulnerabilities
Every CVE whose affected-product data names Sap Business Objects Business Intelligence Platform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2023-25616 — CVSS 9.9 (critical): In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code…
CVE-2022-41267 — CVSS 9.9 (critical): SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on…
CVE-2024-41730 — CVSS 9.8 (critical): In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user…
CVE-2023-25617 — CVSS 9.0 (critical): SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects…
CVE-2022-39013 — CVSS 7.6 (high): Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker…
CVE-2023-42478 — CVSS 7.5 (high): SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the…
CVE-2022-24398 — CVSS 6.5 (medium): Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to…
CVE-2022-39015 — CVSS 6.5 (medium): Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.
CVE-2022-31596 — CVSS 6.0 (medium): Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP…
CVE-2022-31598 — CVSS 5.4 (medium): Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request…
CVE-2020-6220 — CVSS 4.7 (medium): BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode…
CVE-2023-0015 — CVSS 4.6 (medium): In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong…
CVE-2022-32246 — CVSS 4.6 (medium): SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker…
CVE-2023-23856 — CVSS 4.3 (medium): In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content…
CVE-2022-41263 — CVSS 4.3 (medium): Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows…
CVE-2024-42375 — CVSS 4.3 (medium): SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could…
CVE-2024-28166 — CVSS 3.7 (low): SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could…
CVE-2024-41731 — CVSS 3.1 (low): SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could…