Every CVE whose affected-product data names Sap Businessobjects, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2010-0219 — CVSS 10.0 (critical): Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default…
CVE-2014-9387 — CVSS 10.0 (critical): SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a…
CVE-2015-7730 — CVSS 10.0 (critical): SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a…
CVE-2019-0259 — CVSS 9.8 (critical): SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without…
CVE-2010-3983 — CVSS 9.0 (critical): CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job…
CVE-2022-28214 — CVSS 7.8 (high): During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are…
CVE-2019-0287 — CVSS 7.6 (high): Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an…
CVE-2018-2408 — CVSS 7.3 (high): Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of…
CVE-2019-0289 — CVSS 7.1 (high): Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker…
CVE-2014-8310 — CVSS 7.1 (high): The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via…
CVE-2017-16683 — CVSS 6.5 (medium): Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate…
CVE-2023-40623 — CVSS 6.2 (medium): SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary…
CVE-2019-0303 — CVSS 6.1 (medium): SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting…
CVE-2019-0251 — CVSS 6.1 (medium): The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in…
CVE-2010-3982 — CVSS 5.0 (medium): SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and…
CVE-2010-3979 — CVSS 5.0 (medium): Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a…
CVE-2014-8309 — CVSS 5.0 (medium): SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time…
CVE-2010-3981 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or…
CVE-2014-3134 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web…
CVE-2014-8308 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to…
CVE-2010-3980 — CVSS 4.0 (medium): Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote…
CVE-2023-28764 — CVSS 3.7 (low): SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over…
CVE-2014-8311 — CVSS 3.5 (low): SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.