cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-27271,https://securityvulnerability.io/vulnerability/CVE-2023-27271,Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platform,"A vulnerability exists in the SAP BusinessObjects Business Intelligence Platform that allows an attacker to take control of a malicious BOE server. This manipulation forces the application server to establish connections to its own administrative tools, leading to significant disruptions in system availability. The affected versions, 420 and 430, are particularly susceptible, making it crucial for users to address this issue promptly.",SAP,BusinessObjects Business Intelligence Platform (Web Services),7.5,HIGH,0.0010100000072270632,false,false,false,false,,false,false,2023-03-14T06:15:00.000Z,0
CVE-2023-27894,https://securityvulnerability.io/vulnerability/CVE-2023-27894,Sensitive Information Disclosure in the SAP BusinessObjects Business Intelligence platform,"SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to execute malicious requests, resulting in sensitive information disclosure. This causes limited impact on confidentiality of data.",SAP,BusinessObjects Business Intelligence Platform (Web Services),5.3,MEDIUM,0.0012700000079348683,false,false,false,false,,false,false,2023-03-14T06:15:00.000Z,0
CVE-2023-27896,https://securityvulnerability.io/vulnerability/CVE-2023-27896,Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platform,"In SAP BusinessObjects Business Intelligence Platform versions 420 and 430, a vulnerability exists that allows an attacker to control a malicious BOE server. This exploitation method can force the application server to establish a connection with its own Central Management Server (CMS), which could severely disrupt the availability of the application. Organizations using these versions should implement necessary security measures to mitigate potential risks associated with this vulnerability.",SAP,BusinessObjects Business Intelligence Platform (Web Services),7.5,HIGH,0.0010100000072270632,false,false,false,false,,false,false,2023-03-14T06:15:00.000Z,0
CVE-2020-6308,https://securityvulnerability.io/vulnerability/CVE-2020-6308,,"SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability.",SAP,SAP Businessobjects Business Intelligence Platform (web Services),5.3,MEDIUM,0.008050000295042992,false,false,false,true,true,false,false,2020-10-20T13:31:10.000Z,0