SAP Business Objects Business Intelligence Platform

By the Year

In 2024 there have been 0 vulnerabilities in SAP Business Objects Business Intelligence Platform. Last year Business Objects Business Intelligence Platform had 5 security vulnerabilities published. Right now, Business Objects Business Intelligence Platform is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year | Vulnerabilities | Average Score
2024 | 0 | 0.00
2023 | 5 | 7.20
2022 | 9 | 6.04
2021 | 0 | 0.00
2020 | 0 | 0.00
2019 | 0 | 0.00
2018 | 0 | 0.00

It may take a day or so for new Business Objects Business Intelligence Platform vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent SAP Business Objects Business Intelligence Platform Security Vulnerabilities

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS

CVE-2023-42478 7.6 - High - December 12, 2023

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.

XSS

In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources

CVE-2023-25616 8.8 - High - March 14, 2023

In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges. Successful attack could highly impact the confidentiality, integrity, and availability of the system.

Injection

SAP Business Object (Adaptive Job Server) - versions 420, 430

CVE-2023-25617 8.8 - High - March 14, 2023

SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public Java SDK. Programs could impact the confidentiality, integrity and availability of the system.

Shell injection

In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430

CVE-2023-23856 5.4 - Medium - February 14, 2023

In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return JSON with wrong content type in the header of the response. As a result, a custom application that calls directly the JSP of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause a low impact on integrity of the application.

XSS

In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420

CVE-2023-0015 5.4 - Medium - January 10, 2023

In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return JSON with wrong content type in the header of the response. As a result, a custom application that calls directly the JSP of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.

XSS

SAP Business Objects Platform - versions 420, and 430

CVE-2022-41267 8.8 - High - December 13, 2022

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrity, and availability of the application.

Unrestricted File Upload

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document

CVE-2022-41263 4.3 - Medium - December 12, 2022

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application.

Session Riding

Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data

CVE-2022-31596 6 - Medium - December 12, 2022

Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS's scope and impact the database. A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability.

Under certain conditions, BOE AdminTools/ BOE SDK

CVE-2022-39015 6.5 - Medium - October 11, 2022

Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.

Exposure of Resource to Wrong Sphere

Under certain conditions an authenticated attacker can get access to OS credentials

CVE-2022-39013 7.6 - High - October 11, 2022

Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application.

Due to insufficient input validation, SAP Business Objects - version 420

CVE-2022-31598 5.4 - Medium - July 12, 2022

Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

Insufficient Verification of Data Authenticity

SAP Business Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430

CVE-2022-32246 4.6 - Medium - July 12, 2022

SAP Business Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application.

SQL Injection

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform

CVE-2020-6220 4.7 - Medium - June 06, 2022

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim's session is active.

XSS

Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430

CVE-2022-24398 6.5 - Medium - March 10, 2022

Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.
