SAP » Businessobjects : Security Vulnerabilities, CVEs, CVSS score >= 9
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.
Max CVSS: 9.8 | EPSS Score: 0.53% | Published: 2019-02-15 | Updated: 2019-02-20
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.
Max CVSS: 10.0 | EPSS Score: 0.77% | Published: 2015-10-15 | Updated: 2015-10-16
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.
Max CVSS: 10.0 | EPSS Score: 0.79% | Published: 2014-12-17 | Updated: 2018-10-09
CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property.
Max CVSS: 9.0 | EPSS Score: 0.27% | Published: 2010-10-18 | Updated: 2010-11-03
CVE-2010-0219
Public exploit
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
Max CVSS: 10.0 | EPSS Score: 97.51% | Published: 2010-10-18 | Updated: 2018-10-10
5 vulnerabilities found