cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-32732,https://securityvulnerability.io/vulnerability/CVE-2024-32732,SAP BusinessObjects Business Intelligence Platform Vulnerability,Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted.This has low impact on Confidentiality with no impact on Integrity and Availability of the application.,SAP,SAP Businessobjects Business Intelligence Platform,5.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-10T00:11:33.815Z,0
CVE-2024-37179,https://securityvulnerability.io/vulnerability/CVE-2024-37179,SAP BusinessObjects Vulnerability Allows Data Theft,"SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence),6.5,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-10-08T03:21:02.936Z,0
CVE-2024-45281,https://securityvulnerability.io/vulnerability/CVE-2024-45281,High Privilege User Vulnerability Affects Confidentiality and Integrity of Application,SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application.,SAP,SAP Businessobjects Business Intelligence Platform,5.8,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T04:32:43.378Z,0
CVE-2024-41731,https://securityvulnerability.io/vulnerability/CVE-2024-41731,SAP BusinessObjects BI Platform Exposes Organizations to Code Injection Risk,"SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.",SAP,SAP Businessobjects Business Intelligence Platform,4.3,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-08-13T04:07:28.131Z,0
CVE-2024-28166,https://securityvulnerability.io/vulnerability/CVE-2024-28166,SAP BusinessObjects Vulnerability: Malicious Code Upload,"SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.",SAP,SAP Businessobjects Business Intelligence Platform,4.3,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-08-13T04:05:24.442Z,0
CVE-2024-42375,https://securityvulnerability.io/vulnerability/CVE-2024-42375,SAP BusinessObjects Vulnerable to Malicious Code Execution,"SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.",SAP,SAP Businessobjects Business Intelligence Platform,4.3,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-08-13T04:03:26.192Z,0
CVE-2024-41730,https://securityvulnerability.io/vulnerability/CVE-2024-41730,"Unauthorized Access via REST Endpoint poses High Risk to Confidentiality, Integrity, and Availability","In SAP BusinessObjects Business Intelligence Platform, a vulnerability exists that allows an unauthorized user to obtain a logon token when Single Sign-On is enabled with Enterprise authentication. This exploit makes it possible for attackers to gain access and potentially compromise the system while impacting essential security aspects such as confidentiality, integrity, and availability. Organizations using vulnerable versions must take immediate action to mitigate risks associated with this security flaw.",SAP,SAP Businessobjects Business Intelligence Platform,9.8,CRITICAL,0.000910000002477318,false,false,false,false,,false,false,2024-08-13T03:31:37.327Z,0
CVE-2024-34684,https://securityvulnerability.io/vulnerability/CVE-2024-34684,SAP BusinessObjects Scheduling Vulnerability Allows Authenticated Attacker to Access Password,"On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read or modify the remote server files.",SAP,SAP Businessobjects Business Intelligence Platform,6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-11T02:20:31.354Z,0
CVE-2024-33004,https://securityvulnerability.io/vulnerability/CVE-2024-33004,SAP Business Objects Platform Vulnerable to Insecure Storage,"SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application.",SAP,SAP Businessobjects Business Intelligence Platform (webservices),4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T04:00:25.081Z,0
CVE-2024-28165,https://securityvulnerability.io/vulnerability/CVE-2024-28165,SAP Business Objects Platform Vulnerable to Stored XSS Attacks,"The SAP Business Objects Business Intelligence Platform is susceptible to a stored cross-site scripting (XSS) vulnerability that permits an attacker to manipulate parameters within the Opendocument URL. This security flaw can lead to severe repercussions on the confidentiality and integrity of the application, potentially allowing unauthorized access or manipulation of sensitive information. Users and organizations utilizing this platform are advised to reference SAP's security updates and implement necessary measures to mitigate the risks associated with this vulnerability.",SAP,SAP Businessobjects Business Intelligence Platform,8.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T03:51:20.267Z,0
CVE-2023-42476,https://securityvulnerability.io/vulnerability/CVE-2023-42476,Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence,"SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, attacker could access data from reporting databases. ",SAP,SAP BusinessObjects Web Intelligence,6.8,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2023-12-12T01:15:00.000Z,0
CVE-2023-42474,https://securityvulnerability.io/vulnerability/CVE-2023-42474,Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Web Intelligence,"SAP BusinessObjects Web Intelligence - version 420, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information. ",SAP,SAP Businessobjects Web Intelligence,6.8,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2023-10-10T02:15:00.000Z,0
CVE-2023-40622,https://securityvulnerability.io/vulnerability/CVE-2023-40622,Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management),"A vulnerability exists in the SAP BusinessObjects Business Intelligence Platform, specifically within its Promotion Management feature. Under specific conditions, an authenticated attacker can exploit this flaw to gain access to sensitive information that is normally restricted. This exploitation may lead to a complete compromise of the application, posing severe risks to the confidentiality, integrity, and availability of data.",SAP,SAP Businessobjects Business Intelligence Platform (promotion Management),9.9,CRITICAL,0.0008900000248104334,false,false,false,false,,false,false,2023-09-12T03:15:00.000Z,0
CVE-2023-40623,https://securityvulnerability.io/vulnerability/CVE-2023-40623,Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite(installer),"The SAP BusinessObjects Suite Installer versions 420 and 430 contain a directory traversal vulnerability that enables attackers within the same network to create a malicious directory in the temporary folder. This can lead to a link to critical operating system files, resulting in the potential deletion of these files. Consequently, the attacker can compromise system availability and impose limitations on data integrity.",SAP,SAP BusinessObjects Suite (Installer),7.1,HIGH,0.0007300000288523734,false,false,false,false,,false,false,2023-09-12T03:15:00.000Z,0
CVE-2023-42472,https://securityvulnerability.io/vulnerability/CVE-2023-42472,Insufficient File type validation in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface),"This vulnerability in SAP BusinessObjects Business Intelligence Platform (specifically the Web Intelligence HTML interface) allows authenticated users to upload files from their local systems. If an attacker intercepts the upload request, they can modify the content type and file extension, leading to unauthorized access to sensitive data and potential integrity issues. This exploit underscores the critical need for robust file type validation to prevent malicious file executions and safeguard application confidentiality.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),8.7,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2023-09-12T02:15:00.000Z,0
CVE-2023-37489,https://securityvulnerability.io/vulnerability/CVE-2023-37489,Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System),"Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity. ",SAP,SAP Businessobjects Business Intelligence Platform (version Management System),5.3,MEDIUM,0.000750000006519258,false,false,false,false,,false,false,2023-09-12T02:15:00.000Z,0
CVE-2023-39440,https://securityvulnerability.io/vulnerability/CVE-2023-39440,Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform,"In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker might be able to get access to user credentials. For a successful attack, the attacker needs to have local access to the system. There is no impact on availability and integrity.",SAP,SAP Businessobjects Business Intelligence,4.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-08-08T01:15:00.000Z,0
CVE-2023-37490,https://securityvulnerability.io/vulnerability/CVE-2023-37490,Binary hijack in SAP BusinessObjects Business Intelligence (Installer),"The SAP Business Objects Installer, specifically in versions 420 and 430, contains a vulnerability that allows an authenticated attacker on the same network to replace an executable file located in a temporary directory during the installation process. By exploiting this vulnerability, an attacker can substitute the legitimate file with a malicious one, potentially leading to a complete compromise of the system’s confidentiality, integrity, and availability.",SAP,SAP BusinessObjects Business Intelligence (Installer),9,CRITICAL,0.0004299999854993075,false,false,false,false,,false,false,2023-08-08T01:15:00.000Z,0
CVE-2023-36917,https://securityvulnerability.io/vulnerability/CVE-2023-36917,Password Change rate limit bypass in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence Platform versions 420 and 430 are susceptible to a session hijack vulnerability. This allows an attacker, who has gained unauthorized access to a user's session, to circumvent the victim’s old password using brute force tactics. The weakness arises from an unrestricted rate limit in the password change functionality. While this vulnerability does not compromise the integrity or availability of the system, it poses a significant risk of account takeover, potentially granting the attacker full access to the victim's account.",SAP,SAP BusinessObjects Business Intelligence Platform,7.5,HIGH,0.0011099999537691474,false,false,false,false,,false,false,2023-07-11T03:15:00.000Z,0
CVE-2023-31404,https://securityvulnerability.io/vulnerability/CVE-2023-31404,Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service),"Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could let them access data sources which would otherwise be restricted. ",SAP,SAP BusinessObjects Business Intelligence Platform (Central Management Service),5,MEDIUM,0.000699999975040555,false,false,false,false,,false,false,2023-05-09T02:15:00.000Z,0
CVE-2023-31406,https://securityvulnerability.io/vulnerability/CVE-2023-31406,Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform,"Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. ",SAP,SAP BusinessObjects Business Intelligence Platform,6.1,MEDIUM,0.0009200000204145908,false,false,false,false,,false,false,2023-05-09T02:15:00.000Z,0
CVE-2023-30741,https://securityvulnerability.io/vulnerability/CVE-2023-30741,Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform,"Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. ",SAP,SAP BusinessObjects Business Intelligence Platform,6.1,MEDIUM,0.0009200000204145908,false,false,false,false,,false,false,2023-05-09T02:15:00.000Z,0
CVE-2023-30740,https://securityvulnerability.io/vulnerability/CVE-2023-30740,Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform,"The vulnerability in the SAP BusinessObjects Business Intelligence Platform, specifically in versions 420 and 430, enables an authenticated attacker to gain unauthorized access to sensitive information that is typically restricted. If successfully exploited, this may lead to severe repercussions regarding the confidentiality of the affected data, while having a limited effect on the integrity and availability of the application. Organizations using these versions should assess their security measures to mitigate potential risks.",SAP,SAP BusinessObjects Business Intelligence Platform,7.6,HIGH,0.0009599999757483602,false,false,false,false,,false,false,2023-05-09T02:15:00.000Z,0
CVE-2023-28762,https://securityvulnerability.io/vulnerability/CVE-2023-28762,Information Disclosure in SAP BusinessObjects Intelligence Platform,"An attacker with administrator privileges on SAP BusinessObjects Business Intelligence Platform versions 420 and 430 can exploit this vulnerability to capture the login tokens of any active user on the platform. This unauthorized access enables the attacker to impersonate the user, potentially allowing them to manipulate or access sensitive data without user consent. Furthermore, this exploitation could lead to denial of service where the system becomes partially or totally unavailable, disrupting normal operations.",SAP,SAP BusinessObjects Intelligence Platform,7.2,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2023-05-09T01:15:00.000Z,0
CVE-2023-28764,https://securityvulnerability.io/vulnerability/CVE-2023-28764,Information Disclosure vulnerability in SAP BusinessObjects Platform,"SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system. ",SAP,SAP BusinessObjects Platform,5.9,MEDIUM,0.002199999988079071,false,false,false,false,,false,false,2023-05-09T01:15:00.000Z,0