CVE-2023-40623

all versions

SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under tempora

6.2MEDIUM

CVE-2023-28764

all versions

SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the bina

3.7LOW

CVE-2022-28214

all versions

During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credential

7.8HIGH

CVE-2019-0303

all versions

SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is r

6.1MEDIUM

CVE-2019-0289

all versions

Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an a

7.1HIGH

CVE-2019-0287

all versions

Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, all

7.6HIGH

CVE-2019-0259

all versions

SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) with

9.8CRITICAL

CVE-2019-0251

all versions

The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resu

6.1MEDIUM

CVE-2018-2408

all versions

Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In

7.3HIGH

CVE-2017-16683

all versions

Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legiti

6.5MEDIUM

CVE-2015-7730

all versions

SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to caus

CVE-2014-9387

all versions

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges

CVE-2014-8311

all versions

SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.

CVE-2014-8310

all versions

The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) v

CVE-2014-8309

all versions

SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with differen

CVE-2014-8308

all versions

Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attac

CVE-2014-3134

all versions

Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbi

CVE-2010-3983

all versions

CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Pro

CVE-2010-3982

all versions

SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port,

CVE-2010-3981

all versions

Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web

CVE-2010-3980

all versions

Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote a

CVE-2010-3979

all versions

Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresp

CVE-2010-0219

all versions

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a de

CVE-2008-1894

<= xi_r2

Cross-site scripting (XSS) vulnerability in desktoplaunch/InfoView/logon/logon.object in BusinessObjects InfoView XI R2 SP1, SP2,

CVE-2007-6254

<= 6.5

Stack-based buffer overflow in the SAP Business Objects BusinessObjects RptViewerAX ActiveX control in RptViewerAX.dll in Business

CVE-2008-0379

all versions

Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows r

CVE-2006-4099

all versions

Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack se

CVE-2006-6133

all versions

Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 200

CVE-2005-4813

all versions

Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Re

CVE-2005-4274

all versions

Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user acco

CVE-2004-2742

all versions

Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inje

CVE-2004-0533

all versions

Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticate

CVE-2004-0534

all versions

Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4

CVE-2004-0204

all versions

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10

CVE-2004-1981

all versions

The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly request

CVE-2003-1249

all versions

WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions.

CVE-2001-1464

all versions

Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in clea