cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-32732,https://securityvulnerability.io/vulnerability/CVE-2024-32732,SAP BusinessObjects Business Intelligence Platform Vulnerability,Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted. This has low impact on Confidentiality with no impact on Integrity and Availability of the application.,SAP,SAP Businessobjects Business Intelligence Platform,5.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-10T00:11:33.815Z,0
CVE-2024-37179,https://securityvulnerability.io/vulnerability/CVE-2024-37179,SAP BusinessObjects Vulnerability Allows Data Theft,"SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence),6.5,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-10-08T03:21:02.936Z,0
CVE-2024-45281,https://securityvulnerability.io/vulnerability/CVE-2024-45281,High Privilege User Vulnerability Affects Confidentiality and Integrity of Application,SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application.,SAP,SAP Businessobjects Business Intelligence Platform,5.8,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T04:32:43.378Z,0
CVE-2024-41731,https://securityvulnerability.io/vulnerability/CVE-2024-41731,SAP BusinessObjects BI Platform Exposes Organizations to Code Injection Risk,"SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.",SAP,SAP Businessobjects Business Intelligence Platform,4.3,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-08-13T04:07:28.131Z,0
CVE-2024-28166,https://securityvulnerability.io/vulnerability/CVE-2024-28166,SAP BusinessObjects Vulnerability: Malicious Code Upload,"SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.",SAP,SAP Businessobjects Business Intelligence Platform,4.3,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-08-13T04:05:24.442Z,0
CVE-2024-42375,https://securityvulnerability.io/vulnerability/CVE-2024-42375,SAP BusinessObjects Vulnerable to Malicious Code Execution,"SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.",SAP,SAP Businessobjects Business Intelligence Platform,4.3,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-08-13T04:03:26.192Z,0
CVE-2024-41730,https://securityvulnerability.io/vulnerability/CVE-2024-41730,"Unauthorized Access via REST Endpoint poses High Risk to Confidentiality, Integrity, and Availability","In SAP BusinessObjects Business Intelligence Platform, a vulnerability exists that allows an unauthorized user to obtain a logon token when Single Sign-On is enabled with Enterprise authentication. This exploit makes it possible for attackers to gain access and potentially compromise the system while impacting essential security aspects such as confidentiality, integrity, and availability. Organizations using vulnerable versions must take immediate action to mitigate risks associated with this security flaw.",SAP,SAP Businessobjects Business Intelligence Platform,9.8,CRITICAL,0.000910000002477318,false,false,false,false,,false,false,2024-08-13T03:31:37.327Z,0
CVE-2024-34684,https://securityvulnerability.io/vulnerability/CVE-2024-34684,SAP BusinessObjects Scheduling Vulnerability Allows Authenticated Attacker to Access Password,"On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read or modify the remote server files.",SAP,SAP Businessobjects Business Intelligence Platform,6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-11T02:20:31.354Z,0
CVE-2024-33004,https://securityvulnerability.io/vulnerability/CVE-2024-33004,SAP Business Objects Platform Vulnerable to Insecure Storage,"SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application.",SAP,SAP Businessobjects Business Intelligence Platform (webservices),4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T04:00:25.081Z,0
CVE-2024-28165,https://securityvulnerability.io/vulnerability/CVE-2024-28165,SAP Business Objects Platform Vulnerable to Stored XSS Attacks,"The SAP Business Objects Business Intelligence Platform is susceptible to a stored cross-site scripting (XSS) vulnerability that permits an attacker to manipulate parameters within the Opendocument URL. This security flaw can lead to severe repercussions on the confidentiality and integrity of the application, potentially allowing unauthorized access or manipulation of sensitive information. Users and organizations utilizing this platform are advised to reference SAP's security updates and implement necessary measures to mitigate the risks associated with this vulnerability.",SAP,SAP Businessobjects Business Intelligence Platform,8.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T03:51:20.267Z,0
CVE-2023-40622,https://securityvulnerability.io/vulnerability/CVE-2023-40622,Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management),"A vulnerability exists in the SAP BusinessObjects Business Intelligence Platform, specifically within its Promotion Management feature. Under specific conditions, an authenticated attacker can exploit this flaw to gain access to sensitive information that is normally restricted. This exploitation may lead to a complete compromise of the application, posing severe risks to the confidentiality, integrity, and availability of data.",SAP,SAP Businessobjects Business Intelligence Platform (promotion Management),9.9,CRITICAL,0.0008900000248104334,false,false,false,false,,false,false,2023-09-12T03:15:00.000Z,0
CVE-2023-37489,https://securityvulnerability.io/vulnerability/CVE-2023-37489,Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System),"Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity. ",SAP,SAP Businessobjects Business Intelligence Platform (version Management System),5.3,MEDIUM,0.000750000006519258,false,false,false,false,,false,false,2023-09-12T02:15:00.000Z,0
CVE-2023-42472,https://securityvulnerability.io/vulnerability/CVE-2023-42472,Insufficient File type validation in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface),"This vulnerability in SAP BusinessObjects Business Intelligence Platform (specifically the Web Intelligence HTML interface) allows authenticated users to upload files from their local systems. If an attacker intercepts the upload request, they can modify the content type and file extension, leading to unauthorized access to sensitive data and potential integrity issues. This exploit underscores the critical need for robust file type validation to prevent malicious file executions and safeguard application confidentiality.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),8.7,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2023-09-12T02:15:00.000Z,0
CVE-2023-36917,https://securityvulnerability.io/vulnerability/CVE-2023-36917,Password Change rate limit bypass in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence Platform versions 420 and 430 are susceptible to a session hijack vulnerability. This allows an attacker, who has gained unauthorized access to a user's session, to circumvent the victim’s old password using brute force tactics. The weakness arises from an unrestricted rate limit in the password change functionality. While this vulnerability does not compromise the integrity or availability of the system, it poses a significant risk of account takeover, potentially granting the attacker full access to the victim's account.",SAP,SAP BusinessObjects Business Intelligence Platform,7.5,HIGH,0.0011099999537691474,false,false,false,false,,false,false,2023-07-11T03:15:00.000Z,0
CVE-2023-30741,https://securityvulnerability.io/vulnerability/CVE-2023-30741,Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform,"Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. ",SAP,SAP BusinessObjects Business Intelligence Platform,6.1,MEDIUM,0.0009200000204145908,false,false,false,false,,false,false,2023-05-09T02:15:00.000Z,0
CVE-2023-30740,https://securityvulnerability.io/vulnerability/CVE-2023-30740,Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform,"The vulnerability in the SAP BusinessObjects Business Intelligence Platform, specifically in versions 420 and 430, enables an authenticated attacker to gain unauthorized access to sensitive information that is typically restricted. If successfully exploited, this may lead to severe repercussions regarding the confidentiality of the affected data, while having a limited effect on the integrity and availability of the application. Organizations using these versions should assess their security measures to mitigate potential risks.",SAP,SAP BusinessObjects Business Intelligence Platform,7.6,HIGH,0.0009599999757483602,false,false,false,false,,false,false,2023-05-09T02:15:00.000Z,0
CVE-2023-31404,https://securityvulnerability.io/vulnerability/CVE-2023-31404,Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service),"Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could let them access data sources which would otherwise be restricted. ",SAP,SAP BusinessObjects Business Intelligence Platform (Central Management Service),5,MEDIUM,0.000699999975040555,false,false,false,false,,false,false,2023-05-09T02:15:00.000Z,0
CVE-2023-31406,https://securityvulnerability.io/vulnerability/CVE-2023-31406,Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform,"Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. ",SAP,SAP BusinessObjects Business Intelligence Platform,6.1,MEDIUM,0.0009200000204145908,false,false,false,false,,false,false,2023-05-09T02:15:00.000Z,0
CVE-2023-0020,https://securityvulnerability.io/vulnerability/CVE-2023-0020,Authentication Bypass in SAP BusinessObjects Business Intelligence Platforms,"The SAP BusinessObjects Business Intelligence platform versions 420 and 430 contain a vulnerability that allows authenticated attackers to access sensitive information otherwise restricted by the application. Exploiting this vulnerability poses a significant risk to data confidentiality, potentially leading to unauthorized data exposure, while maintaining relatively limited impact on the application's integrity.",SAP,SAP Businessobjects Business Intelligence Platform,8.5,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2023-02-14T04:15:00.000Z,0
CVE-2023-0015,https://securityvulnerability.io/vulnerability/CVE-2023-0015,Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence),"In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.",SAP,SAP Businessobjects Business Intelligence Platform,4.6,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2023-01-10T04:15:00.000Z,0
CVE-2022-41203,https://securityvulnerability.io/vulnerability/CVE-2022-41203,,"In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. This could highly compromise the Confidentiality, Integrity, and Availability of the system.",SAP,SAP Businessobjects Business Intelligence Platform (central Management Console And Bi LauncHPad),9.9,CRITICAL,0.001019999966956675,false,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-39800,https://securityvulnerability.io/vulnerability/CVE-2022-39800,,"SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.",SAP,SAP Businessobjects Business Intelligence Platform (bi LauncHPad),6.1,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0
CVE-2022-41206,https://securityvulnerability.io/vulnerability/CVE-2022-41206,,"SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on confidentiality and integrity of the application. ",SAP,SAP Businessobjects Business Intelligence Platform (analysis For Olap),5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0
CVE-2022-35296,https://securityvulnerability.io/vulnerability/CVE-2022-35296,,"Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality.",SAP,SAP Businessobjects Business Intelligence Platform (version Management System),4.9,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0
CVE-2022-39015,https://securityvulnerability.io/vulnerability/CVE-2022-39015,,"Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.",SAP,SAP Businessobjects Business Intelligence Platform (admintools/query Builder),6.5,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0