Sap: >> Businessobjects Business Intelligence Platform >> 4.30 Security Vulnerabilities
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server.
CVSS Score
7.5
EPSS Score
0.012
Published
2021-10-12
In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-09-10
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-03-14