SAP Security Advisory version ENTERPRISE 420 - SAP Security Notes

 

Advisories for ENTERPRISE 420

Below you can find all Security Advisories that relate to your search term.

Note Component Description CVSS Severity Patchday Initially released on Category Affected system type Valid for
3130497 BI-BIP-CMC [CVE-2022-27671] CSRF token visible in one of the URL in SAP Business Intelligence Platform. 8.2 High 2022-04 2022/04/12 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3055044 BI-DEV-WEB [CVE-2022-28213] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (dswsbobje - SOAP Web services) 5.4 Medium 2022-04 2022/04/12 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3137191 BI-BIP-ADM [CVE-2022-22541] Information Disclosure vulnerability in SAP BusinessObjects Platform 6.8 Medium 2022-04 2022/04/12 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2695210 BI-RA-WBI-FE-HTM [CVE-2020-6189] Information Disclosure in SAP BusinessObjects BI Central Management Console 5.3 Medium 2020-02 2020/02/11 Program error BI/BO platform ENTERPRISE 420
3103677 BI-RA-WBI-FE-HTM [CVE-2021-42061] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (Web Intelligence) 4.1 Medium 2021-12 2021/12/14 Program error BI/BO platform ENTERPRISE 420
3150845 BI-BIP-BIW [CVE-2022-28216] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) 4.3 Medium 2022-04 2022/04/12 Program error BI/BO platform ENTERPRISE 420
3233226 BI-BIP-LCM [CVE-2022-35296] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System) 6.8 Medium 2022-10 2022/10/11 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2701027 BI-BIP-MON [CVE-2019-0398] Cross-Site Request Forgery (CSRF) vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring application) 4.3 Medium 2019-12 2019/12/10 Program error BI/BO platform ENTERPRISE 410 ENTERPRISE 420 ENTERPRISE 430
3126748 BI-RA-WBI-FE-HTM [CVE-2022-22546] XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) 5.4 Medium 2022-02 2022/02/08 Program error BI/BO platform ENTERPRISE 420
2998510 BI-BIP-INS [CVE-2022-28214] Central Management Server Information Disclosure in Business Intelligence Update 7.8 High 2022-05 2022/05/10 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2878507 BI-BIP-INV [CVE-2020-6195] Multiple vulnerabilities in SAP Business Objects Business Intelligence Platform 6.4 Medium 2020-04 2020/04/14 Program error BI/BO platform ENTERPRISE 410 ENTERPRISE 420 ENTERPRISE 430
3211161 BI-BIP-INV [CVE-2022-39800] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI LaunchPad) 6.1 Medium 2022-10 2022/10/11 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3103424 BI-BIP-SL-ENG-OLA [CVE-2022-24398] Information Disclosure vulnerability in SAP Business Objects Business Intelligence Platform 5.0 Medium 2022-03 2022/03/08 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3229425 BI-RA-AWB [CVE-2022-41206] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform / Analysis for OLAP 5.4 Medium 2022-10 2022/10/11 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3239293 BI-BIP-ADM [CVE-2022-39015] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform(AdminTools/ Query Builder) 7.7 High 2022-10 2022/10/11 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2880744 BC-SEC-LGN-SML [CVE-2020-6181] HTTP Response Splitting vulnerability in SAP NetWeaver and ABAP Platform 5.8 Medium 2020-02 2020/02/11 Program error ABAP ENTERPRISE 410 ENTERPRISE 420
3221288 BI-BIP-CMC [CVE-2022-35228] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console) 8.3 High 2022-07 2022/07/12 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3213279 BI-BIP-CMC [CVE-2022-31598] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects 5.4 Medium 2022-07 2022/07/12 Program error BI/BO platform ENTERPRISE 420
3229132 BI-BIP-ADM [CVE-2022-39013] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Program Objects) 8.2 High 2022-10 2022/10/11 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3203079 BI-BIP-VD [CVE-2022-32246] SQL Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Visual Difference Application) 5.4 Medium 2022-07 2022/07/12 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3194361 BI-BIP-SRV [CVE-2022-35169] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (LCM) 6.0 Medium 2022-07 2022/07/12 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3167430 BI-BIP-IK-PAR-SAP [CVE-2022-31591] Privilege Escalation vulnerability in SAP BusinessObjects (BW Publisher Service) 5.6 Medium 2022-07 2022/07/12 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3169239 BI-BIP-ADM [CVE-2022-29619] Information Disclosure to user Administrator in SAP BusinessObjects Business Intelligence Platform 4.x 6.5 Medium 2022-07 2022/07/12 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3249648 BI-RA-WBI [CVE-2022-41263] Missing authentication check vulnerability in SAP Business Objects Business Intelligence Platform (Web intelligence) 4.3 Medium 2022-12 2022/12/13 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3239475 BI-BIP-SRV [CVE-2022-41267] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform 9.9 Hot News 2022-12 2022/12/13 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3313484 BI-BIP-INV [CVE-2023-30740] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform 6.3 Medium 2023-05 2023/05/09 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3243924 BI-RA-WBI-FE [CVE-2022-41203] Insecure Deserialization of Untrusted Data in SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad) 9.9 Hot News 2022-11 2022/11/08 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3309935 BI-BIP-INV [CVE-2023-30741] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform 6.1 Medium 2023-05 2023/05/09 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2989075 BI-RA-CR-VW [CVE-2020-26831] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Report) 9.6 Hot News 2020-12 2020/12/08 Program error BI/BO platform ENTERPRISE 410 ENTERPRISE 420 ENTERPRISE 430
3251447 BI-RA-WBI-FE [CVE-2023-0015] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence) 4.6 Medium 2023-01 2023/01/10 Program error BI/BO platform ENTERPRISE 420
3210823 BI-BIP-INV [CVE-2022-32245] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Open Document) 8.2 High 2022-08 2022/08/09 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3038911 BI-BIP-ADM [CVE-2023-31404] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service) 5.0 Medium 2023-05 2023/05/09 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3266006 BI-RA-CR [CVE-2023-0018] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console) 5.4 Medium 2023-01 2023/01/10 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3213524 BI-BIP-CMC [CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB) 5.2 Medium 2022-08 2022/08/09 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3307833 BI-BIP-SRV [CVE-2023-28762] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Console) 9.1 Hot News 2023-05 2023/05/09 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3262810 BI-RA-AWB [CVE-2023-0022] Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP) 9.9 Hot News 2023-01 2023/01/10 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2826782 MOB-APP-BI-SRV [CVE-2020-6196] Denial of service (DOS) in SAP BusinessObjects Mobile (MobileBIService) 7.5 High 2020-03 2020/03/10 Program error BI/BO platform ENTERPRISE 420
3263135 BI-BIP-INV [CVE-2023-0020] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform 8.5 High 2023-02 2023/02/14 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2814007 BI-RA-WBI-FE-HTM [CVE-2019-0396] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) 7.1 High 2019-11 2019/11/12 Program error BI/BO platform ENTERPRISE 410 ENTERPRISE 420
2830578 BI-BIP-INV [CVE-2019-0395] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad) 5.4 Medium 2019-12 2019/12/10 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2817937 BI-RA-WBI-FE [CVE-2019-0382] XSS vulnerability in SAP Business Objects BI Platform (Web Intelligence) 5.4 Medium 2019-11 2019/11/12 Program error BI/BO platform ENTERPRISE 420
2863731 BI-RA-CRV [CVE-2020-6219] Deserialization of Untrusted Data in SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer) 9.1 Hot News 2020-04 2020/04/14 Program error BI/BO platform ENTERPRISE 410 ENTERPRISE 420 ENTERPRISE 430 CRYSTAL REPORTS FOR VS 2010
2863396 BI-BIP-SRV [CVE-2020-6227] Remote unauthenticated log injection in SAP Business Objects Business Intelligence Platform (CMS / Auditing issues) 5.3 Medium 2020-04 2020/04/14 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2879132 BI-RA-WBI-FE [CVE-2020-6226] Cross-Site Scripting (XSS) vulnerabilities in SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) 5.4 Medium 2020-04 2020/04/14 Program error BI/BO platform ENTERPRISE 420
2876059 BI-BIP-INV [CVE-2020-6216] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BILaunchpad/ Opendocument) 6.1 Medium 2020-04 2020/04/14 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2898077 BI-DEV-WEB [CVE-2020-6237] Information Disclosure in SAP Business Objects Business Intelligence Platform (dswsbobje Web Application) 7.5 High 2020-04 2020/04/14 Program error BI/BO platform ENTERPRISE 410 ENTERPRISE 420 ENTERPRISE 430
3256787 BI-BIP-CMC [CVE-2023-24530] Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC) 8.4 High 2023-02 2023/02/14 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3245526 BI-BIP-CMC [CVE-2023-25616] Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC) 9.9 Hot News 2023-03 2023/03/14 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3283438 BI-BIP-SRV [CVE-2023-25617] OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server) 9.0 Hot News 2023-03 2023/03/14 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2918762 XX-PART-ADB-IFM Multiple vulnerabilities in Adobe LiveCycle Designer 11.0 6.5 Medium 2020-06 2020/06/09 Program error Adobe LiveCycle Designer ENTERPRISE 420
2918924 CEC-COM-CPS [CVE-2020-6265] Use of Hard-coded Credentials in SAP Commerce and SAP Commerce Datahub 9.8 Hot News 2020-06 2020/06/09 Program error SAP Cloud Commerce ENTERPRISE 420
2905836 BI-DEV-WEB [CVE-2020-6269] Information Disclosure in SAP Business Objects Business Intelligence Platform 4.3 Medium 2020-06 2020/06/09 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2849967 BI-BIP-AUT [CVE-2020-6276] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform(Bipodata) 6.1 Medium 2020-07 2020/07/14 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2912708 BI-BIP-INV [CVE-2020-6278] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC) 5.4 Medium 2020-07 2020/07/14 Program error BI/BO platform ENTERPRISE 410 ENTERPRISE 420 ENTERPRISE 430
2917743 BI-BIP-INV [CVE-2020-6281] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform(BI Launch pad) 6.1 Medium 2020-07 2020/07/14 Program error BI/BO platform ENTERPRISE 420
3287120 BI-BIP-INV [Multiple CVEs] Multiple vulnerabilities in the SAP BusinessObjects Business Intelligence platform 6.5 Medium 2023-03 2023/03/14 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3320702 BI-BIP-SRV [CVE-2023-36917] Password Change rate limit bypass in SAP BusinessObjects Business Intelligence Platform 5.9 Medium 2023-07 2023/07/11 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2927956 BI-RA-CR [CVE-2020-6294] Missing Authentication check in SAP BusinessObjects Business Intelligence Platform 8.5 High 2020-08 2020/08/11 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3298961 BI-BIP-LCM [CVE-2023-28765] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management ) 9.8 Hot News 2023-04 2023/04/11 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2921615 BI-BIP-SRV BI Platform stores SAP BW Authentication Password as clear text 5.5 Medium 2020-08 2020/08/11 Program error BI/BO platform ENTERPRISE 410 ENTERPRISE 420 ENTERPRISE 430
2925827 BI-BIP-CMC [CVE-2020-6300] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform(Central Management Console) 4.8 Medium 2020-08 2020/08/11 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3312047 BI-BIP-CMC Denial of Service (DoS) vulnerability due to the usage of vulnerable version of Commons FileUpload in SAP BusinessObjects Business Intelligence Platform (CMC) 7.5 High 2023-08 2023/08/08 Program error BI/BO platform ENTERPRISE 420
3317710 BI-BIP-INS [CVE-2023-37490] Binary hijack in SAP BusinessObjects Business Intelligence Suite (installer) 7.6 High 2023-08 2023/08/08 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3370490 BI-RA-WBI-FE [CVE-2023-42472] Insufficient File type validation in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) 8.7 High 2023-09 2023/09/12 Program error BI/BO platform ENTERPRISE 420
3317702 BI-BIP-INS [CVE-2023-40623] Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite(installer) 6.2 Medium 2023-09 2023/09/12 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430 ENTERPRISECLIENTTOOLS 420 ENTERPRISECLIENTTOOLS 430
2965154 BI-RA-WBI-FE [CVE-2021-21447] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) 5.4 Medium 2021-01 2021/01/12 Program error BI/BO platform ENTERPRISE 410 ENTERPRISE 420
3372991 BI-RA-WBI-FE [CVE-2023-42474] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Web Intelligence 6.8 Medium 2023-10 2023/10/10 Program error BI/BO platform ENTERPRISE 420
3320355 BI-BIP-LCM [CVE-2023-40622] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management) 9.9 Hot News 2023-09 2023/09/12 Program error SAP BI ENTERPRISE 420 ENTERPRISE 430
3369353 BI-RA-WBI-FE [CVE-2023-42476] Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence 6.8 Medium 2023-12 2023/12/12 Program error BI/BO platform ENTERPRISE 420
3382353 BI-BIP-ADM [CVE-2023-42478] Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform 7.5 High 2023-12 2023/12/12 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2935791 BI-BIP-CMC [CVE-2021-21444] Clickjacking vulnerability in SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 5.4 Medium 2021-02 2021/02/09 Program error BI/BO platform ENTERPRISE 410 ENTERPRISE 420 ENTERPRISE 430
3044751 BI-RA-WBI-FE-HTM [CVE-2021-33667] Information Disclosure in SAP Business Objects Web Intelligence (BI Launchpad) 4.3 Medium 2021-07 2021/07/13 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2930128 BI-BIP-BIW [CVE-2020-6325] Multiple Vulnerabilities in SAP BusinessObjects Business Intelligence Platform 5.4 Medium 2020-09 2020/09/08 Program error BI/BO platform ENTERPRISE 410 ENTERPRISE 420
2911863 BI-BIP-CMC Information Disclosure in BOE/CMC application 5.3 Medium 2021-04 2021/04/13 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3098917 BI-RA-AWB [CVE-2021-40497] Information Disclosure in SAP BusinessObjects Analysis (edition for OLAP) 4.3 Medium 2021-10 2021/10/12 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2943844 BI-DEV-JAV [CVE-2020-6308] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Services) 5.3 Medium 2020-10 2020/10/13 Program error BI/BO platform ENTERPRISE 410 ENTERPRISE 420 ENTERPRISE 430
2861301 BI-RA-CR [CVE-2020-6208] Remote Code Execution in SAP Business Objects Business Intelligence Platform (Crystal Reports) 8.2 High 2020-03 2020/03/10 Program error BI/BO platform ENTERPRISE 410 ENTERPRISE 420 ENTERPRISE 430 CRYSTAL REPORTS FOR VS 2010
3062085 BI-RA-CR-VW [CVE-2021-33696] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Crystal Report) 5.4 Medium 2021-08 2021/08/10 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
2880804 BI-RA-WBI-FE-HTM [CVE-2020-6222] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) 5.4 Medium 2020-04 2020/04/14 Program error BI/BO platform ENTERPRISE 410 ENTERPRISE 420
3055180 BI-BIP-INV [CVE-2021-33679] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) 5.4 Medium 2021-09 2021/09/14 Program error BI/BO platform ENTERPRISE 420
3063048 BI-BIP-INV [CVE-2021-33697] Reverse Tabnabbing in SAP BusinessObjects Business Intelligence Platform (SAP UI5) 4.7 Medium 2021-08 2021/08/10 Program error BI/BO platform ENTERPRISE 420 ENTERPRISE 430
3074693 BI-RA-CR-DB [CVE-2021-40500] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Reports) 6.9 Medium 2021-10 2021/10/12 Program error BI/BO platform CRYSTAL REPORTS 42 CRYSTAL REPORTS 43 ENTERPRISE 420 ENTERPRISE 430

© Copyright 2024 by SecurityBridge GmbH