Sap: >> Business Objects Business Intelligence Platform Security Vulnerabilities
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-12-12
Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS's scope and impact the database.
A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability.
CVSS Score
6.0
EPSS Score
0.002
Published
2022-12-12
Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-10-11
Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application.
CVSS Score
7.6
EPSS Score
0.002
Published
2022-10-11
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-07-12
SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application
CVSS Score
4.6
EPSS Score
0.004
Published
2022-07-12
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active.
CVSS Score
4.4
EPSS Score
0.001
Published
2022-06-06
Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-03-10
Page 2