SAP Businessobjects
By the Year
In 2026 there have been 2 vulnerabilities in SAP Businessobjects with an average score of 6.2 out of ten. Businessobjects did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 6.15 |
| 2025 | 0 | 0.00 |
| 2024 | 2 | 6.25 |
| 2023 | 7 | 6.34 |
| 2022 | 5 | 6.20 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 5 | 7.34 |
| 2018 | 1 | 7.30 |
It may take a day or so for new Businessobjects vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent SAP Businessobjects Security Vulnerabilities
SAP BusinessObjects Enterprise Stored XSS via inadequate input encoding
CVE-2026-24325
4.8 - Medium
- February 10, 2026
SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to a Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website, and the injected script gets executed when the user visits the compromised page. This vulnerability has low impact on confidentiality and integrity of the data. There is no impact on the availability of the application.
XSS
Unauthenticated CMS Crash (CVE-2026-0485) in SAP BusinessObjects BI Platform
CVE-2026-0485
7.5 - High
- February 10, 2026
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering the CMS completely unavailable. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.
Amplification
SAP BusinessObjects Auth File Disclosure via Web Intelligence Server
CVE-2024-37179
6.5 - Medium
- October 08, 2024
SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application.
Unrestricted File Upload
SAP BoBI Scheduling: Authenticated Password Disclosure (CVE-2024-34684)
CVE-2024-34684
6 - Medium
- June 11, 2024
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read or modify the remote server files.
Information Disclosure
SAP BO Suite Installer Dir Traversal / Delete OS Files
CVE-2023-40623
7.1 - High
- September 12, 2023
SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under the temporary directory and link it to a directory containing operating system files. On successful exploitation the attacker can delete all the operating system files, causing a limited impact on integrity and completely compromising the availability of the system.
1386
SAP BusinessObjects BI Platform VMS Unauthenticated Code Snippet Exposure
CVE-2023-37489
5.3 - Medium
- September 12, 2023
Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity.
Generation of Error Message Containing Sensitive Information
SAP BusinessObjects BI Platform Session Hijack Enables Brute-Force Password Bypass
CVE-2023-36917
7.5 - High
- July 11, 2023
SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who has hijacked a user session to bypass the victim's old password via brute force, due to the absence of rate limiting on the password change functionality. Although the attack has no impact on integrity or system availability, it could allow an attacker to completely take over a victim's account.
Improper Restriction of Excessive Authentication Attempts
SAP BusinessObjects Info Design Tool Cleartext Data Leak (CVE-2023-28764)
CVE-2023-28764
5.9 - Medium
- May 09, 2023
SAP BusinessObjects Platform - versions 420, 430, Information Design Tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.
Insufficiently Protected Credentials
XSS via Wrong Content-Type in SAP BusinessObjects 430 Web Intf
CVE-2023-23856
5.4 - Medium
- February 14, 2023
In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return JSON with the wrong Content-Type header in the response. As a result, a custom application that directly calls the JSP of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause a low impact on integrity of the application.
XSS
SAP BusinessObjects BI Platform 420/430 Authenticated Info Disclosure
CVE-2023-0020
7.1 - High
- February 14, 2023
SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality and limited impact on integrity of the application.
Information Disclosure
SAP BO BI CMC: Stored XSS via Crystal Report Upload (CVE-2023-0018)
CVE-2023-0018
6.1 - Medium
- January 10, 2023
Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. Once these reports are viewable, anyone who opens those reports would be susceptible to stored XSS attacks. As a result of the attack, information maintained in the victim's web browser can be read, modified, and sent to the attacker.
XSS
SAP BO BI Platform Monitoring DB Access-Bypass for Authenticated Admin
CVE-2022-31596
6 - Medium
- December 12, 2022
Under certain conditions, an attacker authenticated as a CMS administrator and with high-privilege access to the network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access the BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS's scope and impact the database. A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability.
SAP BusinessObjects BI: Authenticated Input Injection in OLAP Connections
CVE-2022-41206
5.4 - Medium
- October 11, 2022
SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on confidentiality and integrity of the application.
XSS
Critical BOE AdminTools/SDK Info Disclosure Vulnerability
CVE-2022-39015
6.5 - Medium
- October 11, 2022
Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.
Exposure of Resource to Wrong Sphere
Unrestricted Access to Sensitive Params in SAP BIP CMC
CVE-2022-39014
5.3 - Medium
- September 13, 2022
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.
Missing Encryption of Sensitive Data
During an update of SAP BusinessObjects Enterprise
CVE-2022-28214
7.8 - High
- May 11, 2022
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are exposed in Sysmon event logs. This Information Disclosure could cause a high impact on the system's Confidentiality, Integrity, and Availability.
Cleartext Storage of Sensitive Information
SAP BusinessObjects Business Intelligence Platform (Administration Console)
CVE-2019-0303
6.1 - Medium
- June 14, 2019
SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp reflects the requested parameter errMsg into the response content without sanitization. This could be used by an attacker to build a special URL that executes custom JavaScript code when the URL is accessed.
XSS
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3
CVE-2019-0289
7.1 - High
- May 14, 2019
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3
CVE-2019-0287
7.6 - High
- May 14, 2019
Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference)
CVE-2019-0259
9.8 - Critical
- February 15, 2019
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.
Unrestricted File Upload
The Fiori Launchpad of SAP BusinessObjects
CVE-2019-0251
6.1 - Medium
- February 15, 2019
The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
XSS
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad
CVE-2018-2408
7.3 - High
- April 10, 2018
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of a password change for a user, all other active sessions created using the older password continue to be active.
Session Fixation