Sap Businessobjects Business Intelligence Platform — known CVE vulnerabilities
Every CVE whose affected-product data names Sap Businessobjects Business Intelligence Platform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (73)
CVE-2023-0018 — CVSS 10.0 (critical): Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application -…
CVE-2023-0022 — CVSS 9.9 (critical): SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be…
CVE-2020-6242 — CVSS 9.8 (critical): SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on…
CVE-2020-6195 — CVSS 9.8 (critical): SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to…
CVE-2020-26831 — CVSS 9.6 (critical): SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during…
CVE-2020-6294 — CVSS 9.1 (critical): Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication…
CVE-2019-0398 — CVSS 8.8 (high): Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2…
CVE-2020-6219 — CVSS 8.8 (high): SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version…
CVE-2022-35228 — CVSS 8.8 (high): SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be…
CVE-2025-0061 — CVSS 8.7 (high): SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without…
CVE-2025-0064 — CVSS 8.7 (high): Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with…
CVE-2023-42472 — CVSS 8.7 (high): Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version…
CVE-2023-0020 — CVSS 8.5 (high): SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information…
CVE-2023-24530 — CVSS 8.4 (high): SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code…
CVE-2022-28213 — CVSS 8.1 (high): When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently…
CVE-2024-28165 — CVSS 8.1 (high): SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the…
CVE-2020-6247 — CVSS 7.5 (high): SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from…
CVE-2019-0352 — CVSS 7.5 (high): In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which…
CVE-2026-0490 — CVSS 7.5 (high): SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks…
CVE-2026-0485 — CVSS 7.5 (high): SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content…
CVE-2020-6227 — CVSS 7.5 (high): SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP…
CVE-2021-40500 — CVSS 7.5 (high): SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit…
CVE-2020-6237 — CVSS 7.5 (high): Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an…
CVE-2018-2471 — CVSS 7.5 (high): Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which…
CVE-2022-27667 — CVSS 7.5 (high): Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an…
CVE-2026-0508 — CVSS 7.3 (high): The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within…
CVE-2019-0396 — CVSS 7.1 (high): SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not…
CVE-2020-6245 — CVSS 6.7 (medium): SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code…
CVE-2025-31332 — CVSS 6.6 (medium): Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system…
CVE-2026-24324 — CVSS 6.5 (medium): SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific…
CVE-2020-6251 — CVSS 6.5 (medium): Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access…
CVE-2020-6269 — CVSS 6.5 (medium): Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which…
CVE-2022-22541 — CVSS 6.5 (medium): SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see…
CVE-2022-29619 — CVSS 6.5 (medium): Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit…
CVE-2023-27271 — CVSS 6.5 (medium): In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server…
CVE-2025-0060 — CVSS 6.5 (medium): SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which…
CVE-2022-28216 — CVSS 6.1 (medium): SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an…
CVE-2020-6281 — CVSS 6.1 (medium): SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs…
CVE-2020-6211 — CVSS 6.1 (medium): SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious…
CVE-2020-6216 — CVSS 6.1 (medium): SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs…
CVE-2020-6276 — CVSS 6.1 (medium): SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting…
CVE-2020-6223 — CVSS 6.1 (medium): The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error…
CVE-2022-35169 — CVSS 6.0 (medium): SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and…
CVE-2024-45281 — CVSS 5.8 (medium): SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs…
CVE-2020-6222 — CVSS 5.4 (medium): SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), versions 4.1, 4.2, does not sufficiently encode…
CVE-2020-6221 — CVSS 5.4 (medium): Web Intelligence HTML interface in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode…
CVE-2020-6257 — CVSS 5.4 (medium): SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs…
CVE-2020-6312 — CVSS 5.4 (medium): SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a…
CVE-2021-33679 — CVSS 5.4 (medium): The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script…
CVE-2020-6231 — CVSS 5.4 (medium): SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode…
CVE-2021-42061 — CVSS 5.4 (medium): SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs…
CVE-2020-6226 — CVSS 5.4 (medium): SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode…
CVE-2019-0376 — CVSS 5.4 (medium): SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently…
CVE-2019-0375 — CVSS 5.4 (medium): SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently…
CVE-2019-0374 — CVSS 5.4 (medium): SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently…
CVE-2019-0395 — CVSS 5.4 (medium): SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text…
CVE-2018-2397 — CVSS 5.4 (medium): In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently…
CVE-2019-0382 — CVSS 5.4 (medium): A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related…
CVE-2019-0378 — CVSS 5.4 (medium): SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode…
CVE-2025-25245 — CVSS 5.4 (medium): SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly…
CVE-2019-0377 — CVSS 5.4 (medium): SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode…
CVE-2020-6278 — CVSS 5.4 (medium): SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows to an attacker to embed malicious…
CVE-2022-39014 — CVSS 5.3 (medium): Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an…
CVE-2020-6189 — CVSS 5.3 (medium): Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give…
CVE-2020-6308 — CVSS 5.3 (medium): SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject…
CVE-2024-32732 — CVSS 5.3 (medium): Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise…
CVE-2020-6288 — CVSS 5.3 (medium): SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to…
CVE-2020-6218 — CVSS 5.0 (medium): Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to access…
CVE-2020-6300 — CVSS 4.8 (medium): SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator…
CVE-2024-33004 — CVSS 4.3 (medium): SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after…
CVE-2025-42988 — CVSS 3.7 (low): Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP…
CVE-2024-34684 — CVSS 3.7 (low): On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the…