SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system.
Max CVSS
7.1
EPSS Score
0.04%
Published
2023-09-12
Updated
2023-09-13
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability.
Max CVSS
7.8
EPSS Score
0.04%
Published
2022-05-11
Updated
2022-05-19
SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. This could be used by an attacker to build a special url that execute custom JavaScript code when the url is accessed.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-06-14
Updated
2019-06-18
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
Max CVSS
7.1
EPSS Score
0.17%
Published
2019-05-14
Updated
2020-08-24
Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
Max CVSS
7.6
EPSS Score
0.45%
Published
2019-05-14
Updated
2020-08-24
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.
Max CVSS
9.8
EPSS Score
0.53%
Published
2019-02-15
Updated
2019-02-20
The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Max CVSS
6.1
EPSS Score
0.13%
Published
2019-02-15
Updated
2019-02-19
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active.
Max CVSS
7.5
EPSS Score
0.24%
Published
2018-04-10
Updated
2019-10-09
Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service.
Max CVSS
6.5
EPSS Score
0.14%
Published
2017-12-12
Updated
2017-12-21
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.
Max CVSS
10.0
EPSS Score
0.77%
Published
2015-10-15
Updated
2015-10-16
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.
Max CVSS
10.0
EPSS Score
0.79%
Published
2014-12-17
Updated
2018-10-09
The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message.
Max CVSS
7.1
EPSS Score
3.45%
Published
2014-10-16
Updated
2018-10-09
CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property.
Max CVSS
9.0
EPSS Score
0.27%
Published
2010-10-18
Updated
2010-11-03

CVE-2010-0219

Public exploit
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
Max CVSS
10.0
EPSS Score
97.51%
Published
2010-10-18
Updated
2018-10-10
14 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!