SAP Businessobjects
By the Year
In 2024 there have been 0 vulnerabilities in SAP Businessobjects . Last year Businessobjects had 2 security vulnerabilities published. Right now, Businessobjects is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 2 | 6.50 |
2022 | 1 | 7.80 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 5 | 7.34 |
2018 | 1 | 7.30 |
It may take a day or so for new Businessobjects vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SAP Businessobjects Security Vulnerabilities
SAP BusinessObjects Suite Installer - version 420, 430
CVE-2023-40623
7.1 - High
- September 12, 2023
SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system.
1386
SAP BusinessObjects Platform - versions 420
CVE-2023-28764
5.9 - Medium
- May 09, 2023
SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.
Insufficiently Protected Credentials
During an update of SAP BusinessObjects Enterprise
CVE-2022-28214
7.8 - High
- May 11, 2022
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems Confidentiality, Integrity, and Availability.
Cleartext Storage of Sensitive Information
SAP BusinessObjects Business Intelligence Platform (Administration Console)
CVE-2019-0303
6.1 - Medium
- June 14, 2019
SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. This could be used by an attacker to build a special url that execute custom JavaScript code when the url is accessed.
XSS
Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3
CVE-2019-0287
7.6 - High
- May 14, 2019
Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3
CVE-2019-0289
7.1 - High
- May 14, 2019
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
The Fiori Launchpad of SAP BusinessObjects
CVE-2019-0251
6.1 - Medium
- February 15, 2019
The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
XSS
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference)
CVE-2019-0259
9.8 - Critical
- February 15, 2019
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.
Unrestricted File Upload
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad
CVE-2018-2408
7.3 - High
- April 10, 2018
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active.
Session Fixation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for SAP Businessobjects or by SAP? Click the Watch button to subscribe.