cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-37179,https://securityvulnerability.io/vulnerability/CVE-2024-37179,SAP BusinessObjects Vulnerability Allows Data Theft,"SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence),6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-08T03:21:02.936Z,0
CVE-2023-42472,https://securityvulnerability.io/vulnerability/CVE-2023-42472,Insufficient File type validation in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface),"This vulnerability in SAP BusinessObjects Business Intelligence Platform (specifically the Web Intelligence HTML interface) allows authenticated users to upload files from their local systems. If an attacker intercepts the upload request, they can modify the content type and file extension, leading to unauthorized access to sensitive data and potential integrity issues. This exploit underscores the critical need for robust file type validation to prevent malicious file executions and safeguard application confidentiality.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),8.7,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-09-12T02:15:00.000Z,0
CVE-2021-21447,https://securityvulnerability.io/vulnerability/CVE-2021-21447,Stored Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence platform versions 410 and 420 contain a vulnerability that allows an authenticated attacker to inject harmful JavaScript payloads into the custom value input field of an Input Control. When a user views the affected application content, the malicious script can be executed, enabling stored cross-site scripting (XSS) attacks that may compromise user data and application security.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-01-12T14:40:43.000Z,0
CVE-2020-6308,https://securityvulnerability.io/vulnerability/CVE-2020-6308,Server-Side Request Forgery in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence Platform (Web Services) versions 410, 420, and 430 have a vulnerability that permits unauthenticated attackers to inject arbitrary values as CMS parameters. This flaw enables the attackers to conduct internal network lookups that are not typically accessible from outside the network. Successful exploitation can allow attackers to scan the internal infrastructure, gather critical information for subsequent attacks, bypass security mechanisms like firewalls, and manipulate the server into performing unauthorized requests, leading to significant security breaches.",SAP,SAP Businessobjects Business Intelligence Platform (web Services),5.3,MEDIUM,0.008050000295042992,false,,false,false,true,2024-08-04T23:25:56.000Z,true,false,false,,2020-10-20T13:31:10.000Z,0
CVE-2020-6312,https://securityvulnerability.io/vulnerability/CVE-2020-6312,Stored Cross Site Scripting Vulnerability in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence Platform's Web Intelligence HTML interface is susceptible to stored Cross Site Scripting when certain web page properties are edited by a non-administrative user. This vulnerability allows attackers to manipulate how a browser interprets various page elements, potentially leading to unauthorized access or modification of metadata when users interact with affected web elements.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-09-09T12:40:12.000Z,0
CVE-2020-6222,https://securityvulnerability.io/vulnerability/CVE-2020-6222,Cross-Site Scripting Vulnerability in SAP Business Objects Business Intelligence Platform,"The SAP Business Objects Business Intelligence Platform, particularly its Web Intelligence HTML interface, exhibits a flaw due to inadequate encoding of user-controlled inputs. This vulnerability allows attackers to execute malicious scripts in the context of a user's session, potentially compromising sensitive information and user interactions. It is essential for organizations utilizing affected versions to implement security measures and apply available patches to enhance their defenses against potential exploitation.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-04-14T18:18:10.000Z,0
CVE-2019-0396,https://securityvulnerability.io/vulnerability/CVE-2019-0396,XML Document Validation Flaw in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence Platform has a vulnerability in its Web Intelligence HTML interface that can be exploited through untrusted XML documents. The platform fails to adequately validate XML data, allowing attackers to inject malicious elements into documents. This can lead to security breaches during specific workflows, potentially exposing sensitive information or disrupting services.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),7.1,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2019-11-13T22:18:04.000Z,0
CVE-2019-0382,https://securityvulnerability.io/vulnerability/CVE-2019-0382,Cross-Site Scripting Vulnerability in SAP BusinessObjects Business Intelligence Platform,"A Cross-Site Scripting vulnerability exists in the SAP BusinessObjects Business Intelligence Platform, specifically within Web Intelligence publication-related pages. This weakness requires certain user privileges for exploitation, potentially allowing attackers to inject malicious scripts into web pages viewed by other users. The issue has been addressed in version 4.2, underscoring the necessity for users to update their software to mitigate risks associated with this vulnerability.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-11-13T21:59:11.000Z,0
CVE-2019-0378,https://securityvulnerability.io/vulnerability/CVE-2019-0378,Stored Cross-Site Scripting Vulnerability in SAP BusinessObjects BI Platform,"The SAP BusinessObjects Business Intelligence Platform, specifically the Web Intelligence HTML interface prior to version 4.2, is vulnerable to a stored cross-site scripting issue. This occurs due to insufficient encoding of user-controlled inputs, enabling attackers to inject malicious scripts into the file name of a background image. As a result, unsuspecting users may inadvertently execute these scripts, potentially leading to unauthorized data access and manipulation.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-10-08T19:25:44.000Z,0
CVE-2019-0377,https://securityvulnerability.io/vulnerability/CVE-2019-0377,Stored Cross-Site Scripting Vulnerability in SAP BusinessObjects BI Platform,"The SAP BusinessObjects Business Intelligence Platform's Web Intelligence HTML interface prior to version 4.2 lacks adequate encoding for user-controlled inputs. This weakness allows attackers to inject malicious scripts, leading to Stored Cross-Site Scripting (XSS). Such vulnerabilities can compromise web applications and user data, making it essential for organizations to apply patches or updates to safeguard their systems.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-10-08T19:24:50.000Z,0
CVE-2019-0376,https://securityvulnerability.io/vulnerability/CVE-2019-0376,Stored Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform,"In the SAP BusinessObjects Business Intelligence Platform, specifically the Web Intelligence HTML interface prior to versions 4.2 and 4.3, insufficient encoding of user-controlled inputs allows attackers to inject and store malicious scripts in the publication names. These scripts may be executed later by unsuspecting users, posing a significant risk to their data integrity and security.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-10-08T19:23:56.000Z,0
CVE-2019-0375,https://securityvulnerability.io/vulnerability/CVE-2019-0375,Reflected Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence Platform, specifically the Web Intelligence HTML interface, is vulnerable due to insufficient encoding of user-controlled inputs in the export dialog box of the report name. This flaw permits the execution of arbitrary scripts, leading to reflected Cross-Site Scripting. Users interacting with the vulnerable interface may inadvertently execute malicious scripts injected into the report naming field. Protection strategies include sanitizing user inputs and keeping software versions updated to reduce exposure risks.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-10-08T19:22:26.000Z,0
CVE-2019-0374,https://securityvulnerability.io/vulnerability/CVE-2019-0374,Reflected Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence Platform, specifically the Web Intelligence HTML interface in versions prior to 4.2 and 4.3, is susceptible to reflected Cross-Site Scripting attacks. This vulnerability arises from inadequate encoding of user inputs in the chart title feature, allowing attackers to inject malicious scripts. When a victim interacts with the compromised chart, these scripts can execute in their browser, leading to potential data exposure or further exploits.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-10-08T19:21:30.000Z,0
CVE-2019-0333,https://securityvulnerability.io/vulnerability/CVE-2019-0333,Information Disclosure Vulnerability in SAP BusinessObjects Business Intelligence Platform,"In SAP BusinessObjects Business Intelligence Platform (Web Intelligence) versions 4.2 and 4.3, an information disclosure vulnerability exists when a client cancels a query. In these scenarios, attackers may exploit the situation to retrieve the entire data set rather than being limited to information allowed by their security profile. This weakness can potentially expose sensitive data, raising significant concerns for organizations relying on this platform for data analytics.",SAP,SAP Businessobjects Business Intelligence Platform (web Intelligence),6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2019-08-14T13:47:36.000Z,0