
SAP BusinessObjects Business Intelligence

45 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-23192
all versions
SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script wi
8.2 HIGH
CVE-2024-37179
all versions
SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Int
7.7 HIGH
CVE-2023-40622
all versions
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an a
9.9 CRITICAL
CVE-2023-37489
all versions
Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permi
5.3 MEDIUM
CVE-2023-39440
all versions
In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific con
4.4 MEDIUM
CVE-2023-37490
all versions
SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable
7.6 HIGH
CVE-2023-36917
all versions
SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user ses
5.9 MEDIUM
CVE-2023-31406
all versions
Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenti
6.1 MEDIUM
CVE-2023-31404
all versions
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, al
5.0 MEDIUM
CVE-2023-30741
all versions
Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenti
6.1 MEDIUM
CVE-2023-30740
all versions
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive infor
6.3 MEDIUM
CVE-2023-28762
all versions
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privil
9.1 CRITICAL
CVE-2023-28765
all versions
An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430
9.8 CRITICAL
CVE-2023-27896
all versions
In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing
6.5 MEDIUM
CVE-2023-27894
all versions
SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary valu
5.0 MEDIUM
CVE-2022-41203
all versions
In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with
8.8 HIGH
CVE-2022-41206
all versions
SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to se
5.4 MEDIUM
CVE-2022-39800
all versions
SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due
6.1 MEDIUM
CVE-2022-35296
all versions
Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes s
4.9 MEDIUM
CVE-2022-32244
all versions
Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-per
5.2 MEDIUM
CVE-2022-32245
all versions
SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retr
8.2 HIGH
CVE-2022-28214
all versions
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credential
7.8 HIGH
CVE-2021-33697
all versions
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthent
6.1 MEDIUM
CVE-2021-33696
all versions
SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user contro
5.4 MEDIUM
CVE-2021-21444
all versions
SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response header
6.1 MEDIUM
CVE-2021-21447
all versions
SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaSc
5.4 MEDIUM
CVE-2019-0348
all versions
SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted con
6.5 MEDIUM
CVE-2019-0346
all versions
Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2,
6.5 MEDIUM
CVE-2019-0335
all versions
Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3,
6.1 MEDIUM
CVE-2019-0334
all versions
When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possibl
5.4 MEDIUM
CVE-2019-0333
all versions
In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versio
6.5 MEDIUM
CVE-2019-0332
all versions
SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload fo
6.1 MEDIUM
CVE-2019-0331
all versions
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an att
5.3 MEDIUM
CVE-2019-0326
all versions
SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4.3, does not sufficiently enco
6.1 MEDIUM
CVE-2019-0269
all versions
SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-contr
5.4 MEDIUM
CVE-2019-0268
all versions
SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an X
8.1 HIGH
CVE-2018-2483
all versions
HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Co
4.3 MEDIUM
CVE-2018-2473
all versions
SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mo
6.5 MEDIUM
CVE-2018-2447
all versions
SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObj
6.5 MEDIUM
CVE-2018-2446
all versions
Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive infor
7.5 HIGH
CVE-2018-2445
all versions
AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable applic
9.6 CRITICAL
CVE-2018-2442
all versions
In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad
8.8 HIGH
CVE-2018-2432
all versions
SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an atta
5.4 MEDIUM
CVE-2018-2431
all versions
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resu
6.1 MEDIUM
CVE-2018-2427
all versions
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET,
8.8 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin