Sap Businessobjects Business Intelligence — known CVE vulnerabilities
Every CVE whose affected-product data names Sap Businessobjects Business Intelligence, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (45)
CVE-2023-40622 — CVSS 9.9 (critical): SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an…
CVE-2023-28765 — CVSS 9.8 (critical): An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get…
CVE-2018-2445 — CVSS 9.6 (critical): AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to…
CVE-2023-28762 — CVSS 9.1 (critical): SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to…
CVE-2018-2427 — CVSS 8.8 (high): SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version…
CVE-2018-2442 — CVSS 8.8 (high): In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the…
CVE-2022-41203 — CVSS 8.8 (high): In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low…
CVE-2022-32245 — CVSS 8.2 (high): SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve…
CVE-2025-23192 — CVSS 8.2 (high): SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a…
CVE-2019-0268 — CVSS 8.1 (high): SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML…
CVE-2022-28214 — CVSS 7.8 (high): During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are…
CVE-2024-37179 — CVSS 7.7 (high): SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence…
CVE-2023-37490 — CVSS 7.6 (high): SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file…
CVE-2018-2446 — CVSS 7.5 (high): Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information…
CVE-2019-0333 — CVSS 6.5 (medium): In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2…
CVE-2023-27896 — CVSS 6.5 (medium): In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the…
CVE-2018-2447 — CVSS 6.5 (medium): SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject…
CVE-2019-0346 — CVSS 6.5 (medium): Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to…
CVE-2019-0348 — CVSS 6.5 (medium): SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection…
CVE-2018-2473 — CVSS 6.5 (medium): SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode…
CVE-2023-30740 — CVSS 6.3 (medium): SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information…
CVE-2018-2431 — CVSS 6.1 (medium): SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in…
CVE-2019-0332 — CVSS 6.1 (medium): SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword…
CVE-2023-30741 — CVSS 6.1 (medium): Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated…
CVE-2019-0326 — CVSS 6.1 (medium): SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4.3, does not sufficiently encode…
CVE-2021-21444 — CVSS 6.1 (medium): SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which…
CVE-2023-31406 — CVSS 6.1 (medium): Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated…
CVE-2022-39800 — CVSS 6.1 (medium): SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to…
CVE-2019-0335 — CVSS 6.1 (medium): Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an…
CVE-2021-33697 — CVSS 6.1 (medium): Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated…
CVE-2023-36917 — CVSS 5.9 (medium): SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to…
CVE-2021-33696 — CVSS 5.4 (medium): SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled…
CVE-2021-21447 — CVSS 5.4 (medium): SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript…
CVE-2022-41206 — CVSS 5.4 (medium): SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send…
CVE-2019-0334 — CVSS 5.4 (medium): When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to…
CVE-2019-0269 — CVSS 5.4 (medium): SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled…
CVE-2018-2432 — CVSS 5.4 (medium): SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to…
CVE-2019-0331 — CVSS 5.3 (medium): Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an attacker to…
CVE-2023-37489 — CVSS 5.3 (medium): Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an…
CVE-2022-32244 — CVSS 5.2 (medium): Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal)…
CVE-2023-27894 — CVSS 5.0 (medium): SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS…
CVE-2023-31404 — CVSS 5.0 (medium): Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an…
CVE-2022-35296 — CVSS 4.9 (medium): Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive…
CVE-2023-39440 — CVSS 4.4 (medium): In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions…
CVE-2018-2483 — CVSS 4.3 (medium): HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console…