RSS   Vulnerabilities for 'Businessobjects'   RSS

2019-06-14
 
CVE-2019-0303

CWE-79
 

 
SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. This could be used by an attacker to build a special url that execute custom JavaScript code when the url is accessed.

 
2019-05-14
 
CVE-2019-0289

CWE-200
 

 
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.

 
 
CVE-2019-0287

CWE-200
 

 
Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.

 
2019-02-15
 
CVE-2019-0259

CWE-434
 

 
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.

 
 
CVE-2019-0251

CWE-79
 

 
The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

 
2018-04-10
 
CVE-2018-2408

CWE-384
 

 
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active.

 
2017-12-12
 
CVE-2017-16683

CWE-noinfo
 

 
Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service.

 
2015-10-15
 
CVE-2015-7730

 

 
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.

 
2014-12-17
 
CVE-2014-9387

CWE-264
 

 
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.

 
2014-10-16
 
CVE-2014-8311

CWE-Other
 

 
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.

 


Copyright 2019, cxsecurity.com

 

Back to Top