SAP BusinessObjects Business Intelligence Platform

91 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-24324
all versions
SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a
6.5 MEDIUM
CVE-2026-0508
all versions
The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious U
7.3 HIGH
CVE-2026-0490
all versions
SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint tha
7.5 HIGH
CVE-2026-0485
all versions
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content
7.5 HIGH
CVE-2025-42988
all versions
Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP
3.7 LOW
CVE-2025-31332
all versions
Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the sy
6.6 MEDIUM
CVE-2025-25245
all versions
SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not p
5.4 MEDIUM
CVE-2025-0064
all versions
Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an atta
8.7 HIGH
CVE-2025-0061
all versions
SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the networ
8.7 HIGH
CVE-2025-0060
all versions
SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code
6.5 MEDIUM
CVE-2024-32732
all versions
Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would o
5.3 MEDIUM
CVE-2024-45281
all versions
SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of
5.8 MEDIUM
CVE-2024-42375
all versions
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network,
4.3 MEDIUM
CVE-2024-41731
all versions
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, tha
3.1 LOW
CVE-2024-41730
all versions
In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorize
9.8 CRITICAL
CVE-2024-28166
all versions
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network,
3.7 LOW
CVE-2024-34684
all versions
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator acces
3.7 LOW
CVE-2024-33004
all versions
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even
4.3 MEDIUM
CVE-2024-28165
all versions
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in
8.1 HIGH
CVE-2023-42478
all versions
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents
7.5 HIGH
CVE-2023-42472
all versions
Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) -
8.7 HIGH
CVE-2023-27271
all versions
In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE
6.5 MEDIUM
CVE-2023-25617
all versions
SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program
9.0 CRITICAL
CVE-2023-25616
all versions
In some scenarios, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lea
9.9 CRITICAL
CVE-2023-24530
all versions
SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicio
8.4 HIGH
CVE-2023-23856
all versions
In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong co
4.3 MEDIUM
CVE-2023-0020
all versions
SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive infor
8.5 HIGH
CVE-2023-0022
all versions
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that
9.9 CRITICAL
CVE-2023-0018
all versions
Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application
10.0 CRITICAL
CVE-2023-0015
all versions
In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with
4.6 MEDIUM
CVE-2022-41267
all versions
SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any fil
9.9 CRITICAL
CVE-2022-41263
all versions
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430,
4.3 MEDIUM
CVE-2022-31596
all versions
Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP B
6.0 MEDIUM
CVE-2022-39015
all versions
Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.
6.5 MEDIUM
CVE-2022-39013
all versions
Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the
7.6 HIGH
CVE-2022-39014
all versions
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows
5.3 MEDIUM
CVE-2022-35228
all versions
SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be
8.8 HIGH
CVE-2022-35169
all versions
SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read a
6.0 MEDIUM
CVE-2022-32246
all versions
SAP Business Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated at
4.6 MEDIUM
CVE-2022-31598
all versions
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious r
5.4 MEDIUM
CVE-2022-29619
all versions
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to vi
6.5 MEDIUM
CVE-2020-6220
all versions
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-
4.7 MEDIUM
CVE-2022-28216
all versions
SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack b
6.1 MEDIUM
CVE-2022-28213
all versions
When a user accesses SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not suffici
8.1 HIGH
CVE-2022-27671
all versions
A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.
6.5 MEDIUM
CVE-2022-27667
all versions
Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allow
7.5 HIGH
CVE-2022-22541
all versions
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shou
6.5 MEDIUM
CVE-2022-24398
all versions
Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker
6.5 MEDIUM
CVE-2021-42061
all versions
SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled
5.4 MEDIUM
CVE-2021-40500
all versions
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to ex
7.5 HIGH
CVE-2021-33679
all versions
The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicio
5.4 MEDIUM
CVE-2020-26831
all versions
SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities d
9.6 CRITICAL
CVE-2020-6308
all versions
SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to
5.3 MEDIUM
CVE-2020-6312
all versions
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with
5.4 MEDIUM
CVE-2020-6288
all versions
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights
5.3 MEDIUM
CVE-2020-6300
all versions
SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with admi
4.8 MEDIUM
CVE-2020-6294
all versions
Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentica
9.1 CRITICAL
CVE-2020-6281
all versions
SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inpu
6.1 MEDIUM
CVE-2020-6278
all versions
SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows an attacker to embed mali
5.4 MEDIUM
CVE-2020-6276
all versions
SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs,
6.1 MEDIUM
CVE-2020-6269
all versions
Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access informatio
6.5 MEDIUM
CVE-2020-6257
all versions
SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs
5.4 MEDIUM
CVE-2020-6251
all versions
Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker t
6.5 MEDIUM
CVE-2020-6247
all versions
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users f
7.5 HIGH
CVE-2020-6245
all versions
SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file
6.7 MEDIUM
CVE-2020-6242
all versions
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to l
9.8 CRITICAL
CVE-2020-6211
all versions
SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a mal
6.1 MEDIUM
CVE-2020-6195
all versions
SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to
9.8 CRITICAL
CVE-2020-6237
all versions
Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows
7.5 HIGH
CVE-2020-6231
all versions
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode u
5.4 MEDIUM
CVE-2020-6227
all versions
SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafte
7.5 HIGH
CVE-2020-6226
all versions
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode u
5.4 MEDIUM
CVE-2020-6223
all versions
The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain
6.1 MEDIUM
CVE-2020-6222
all versions
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), versions 4.1, 4.2, does not sufficiently en
5.4 MEDIUM
CVE-2020-6221
all versions
Web Intelligence HTML interface in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently e
5.4 MEDIUM
CVE-2020-6219
all versions
SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS
8.8 HIGH
CVE-2020-6218
all versions
Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to acc
5.0 MEDIUM
CVE-2020-6216
all versions
SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inpu
6.1 MEDIUM
CVE-2020-6189
all versions
Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that
5.3 MEDIUM
CVE-2019-0398
all versions
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions
8.8 HIGH
CVE-2019-0395
< 4.2
SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a t
5.4 MEDIUM
CVE-2019-0396
all versions
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not
7.1 HIGH
CVE-2019-0382
< 4.2
A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication re
5.4 MEDIUM
CVE-2019-0378
all versions
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently en
5.4 MEDIUM
CVE-2019-0377
all versions
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently e
5.4 MEDIUM
CVE-2019-0376
all versions
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not suffic
5.4 MEDIUM
CVE-2019-0375
all versions
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not suffic
5.4 MEDIUM
CVE-2019-0374
all versions
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not suffic
5.4 MEDIUM
CVE-2019-0352
all versions
In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached
7.5 HIGH
CVE-2018-2471
all versions
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information
7.5 HIGH
CVE-2018-2397
all versions
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not suff
5.4 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin