SAP Security Notes

 

Advisories for ENTERPRISE 420

Below you can find all Security Advisories that relate to your search term.

| Note | Component | Description | CVSS | Severity | Patchday | Initially released on | Category | Affected system type | Valid for |
|---|---|---|---|---|---|---|---|---|---|
| 3130497 | BI-BIP-CMC | [CVE-2022-27671] CSRF token visible in one of the URL in SAP Business Intelligence Platform. | 8.2 | High | 2022-04 | 2022/04/12 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 3055044 | BI-DEV-WEB | [CVE-2022-28213] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (dswsbobje - SOAP Web services) | 5.4 | Medium | 2022-04 | 2022/04/12 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 3137191 | BI-BIP-ADM | [CVE-2022-22541] Information Disclosure vulnerability in SAP BusinessObjects Platform | 6.8 | Medium | 2022-04 | 2022/04/12 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 2695210 | BI-RA-WBI-FE-HTM | [CVE-2020-6189] Information Disclosure in SAP BusinessObjects BI Central Management Console | 5.3 | Medium | 2020-02 | 2020/02/11 | Program error | BI/BO platform | ENTERPRISE 420 |
| 3103677 | BI-RA-WBI-FE-HTM | [CVE-2021-42061] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (Web Intelligence) | 4.1 | Medium | 2021-12 | 2021/12/14 | Program error | BI/BO platform | ENTERPRISE 420 |
| 3150845 | BI-BIP-BIW | [CVE-2022-28216] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) | 4.3 | Medium | 2022-04 | 2022/04/12 | Program error | BI/BO platform | ENTERPRISE 420 |
| 2701027 | BI-BIP-MON | [CVE-2019-0398] Cross-Site Request Forgery (CSRF) vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring application) | 4.3 | Medium | 2019-12 | 2019/12/10 | Program error | BI/BO platform | ENTERPRISE 410, ENTERPRISE 420, ENTERPRISE 430 |
| 3126748 | BI-RA-WBI-FE-HTM | [CVE-2022-22546] XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) | 5.4 | Medium | 2022-02 | 2022/02/08 | Program error | BI/BO platform | ENTERPRISE 420 |
| 2998510 | BI-BIP-INS | [CVE-2022-28214] Central Management Server Information Disclosure in Business Intelligence Update | 7.8 | High | 2022-05 | 2022/05/10 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 2878507 | BI-BIP-INV | [CVE-2020-6195] Multiple vulnerabilities in SAP Business Objects Business Intelligence Platform | 6.4 | Medium | 2020-04 | 2020/04/14 | Program error | BI/BO platform | ENTERPRISE 410, ENTERPRISE 420, ENTERPRISE 430 |
| 3103424 | BI-BIP-SL-ENG-OLA | [CVE-2022-24398] Information Disclosure vulnerability in SAP Business Objects Business Intelligence Platform | 5.0 | Medium | 2022-03 | 2022/03/08 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 2880744 | BC-SEC-LGN-SML | [CVE-2020-6181] HTTP Response Splitting vulnerability in SAP NetWeaver and ABAP Platform | 5.8 | Medium | 2020-02 | 2020/02/11 | Program error | ABAP | ENTERPRISE 410, ENTERPRISE 420 |
| 3221288 | BI-BIP-CMC | [CVE-2022-35228] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console) | 8.3 | High | 2022-07 | 2022/07/12 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 3213279 | BI-BIP-CMC | [CVE-2022-31598] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects | 5.4 | Medium | 2022-07 | 2022/07/12 | Program error | BI/BO platform | ENTERPRISE 420 |
| 3203079 | BI-BIP-VD | [CVE-2022-32246] SQL Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Visual Difference Application) | 5.4 | Medium | 2022-07 | 2022/07/12 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 3194361 | BI-BIP-SRV | [CVE-2022-35169] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (LCM) | 6.0 | Medium | 2022-07 | 2022/07/12 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 3167430 | BI-BIP-IK-PAR-SAP | [CVE-2022-31591] Privilege Escalation vulnerability in SAP BusinessObjects (BW Publisher Service) | 5.6 | Medium | 2022-07 | 2022/07/12 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 3169239 | BI-BIP-ADM | [CVE-2022-29619] Information Disclosure to user Administrator in SAP BusinessObjects Business Intelligence Platform 4.x | 6.5 | Medium | 2022-07 | 2022/07/12 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 2989075 | BI-RA-CR-VW | [CVE-2020-26831] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Report) | 9.6 | Hot News | 2020-12 | 2020/12/08 | Program error | BI/BO platform | ENTERPRISE 410, ENTERPRISE 420, ENTERPRISE 430 |
| 3213524 | BI-BIP-CMC | [CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB) | 5.2 | Medium | 2022-08 | 2022/08/09 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 3210823 | BI-BIP-INV | [CVE-2022-32245] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Open Document) | 8.2 | High | 2022-08 | 2022/08/09 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 2826782 | MOB-APP-BI-SRV | [CVE-2020-6196] Denial of service (DOS) in SAP BusinessObjects Mobile (MobileBIService) | 7.5 | High | 2020-03 | 2020/03/10 | Program error | BI/BO platform | ENTERPRISE 420 |
| 2814007 | BI-RA-WBI-FE-HTM | [CVE-2019-0396] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) | 7.1 | High | 2019-11 | 2019/11/12 | Program error | BI/BO platform | ENTERPRISE 410, ENTERPRISE 420 |
| 2830578 | BI-BIP-INV | [CVE-2019-0395] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad) | 5.4 | Medium | 2019-12 | 2019/12/10 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 2817937 | BI-RA-WBI-FE | [CVE-2019-0382] XSS vulnerability in SAP Business Objects BI Platform (Web Intelligence) | 5.4 | Medium | 2019-11 | 2019/11/12 | Program error | BI/BO platform | ENTERPRISE 420 |
| 2863731 | BI-RA-CRV | [CVE-2020-6219] Deserialization of Untrusted Data in SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer) | 9.1 | Hot News | 2020-04 | 2020/04/14 | Program error | BI/BO platform | ENTERPRISE 410, ENTERPRISE 420, ENTERPRISE 430, CRYSTAL REPORTS FOR VS 2010 |
| 2863396 | BI-BIP-SRV | [CVE-2020-6227] Remote unauthenticated log injection in SAP Business Objects Business Intelligence Platform (CMS / Auditing issues) | 5.3 | Medium | 2020-04 | 2020/04/14 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 2879132 | BI-RA-WBI-FE | [CVE-2020-6226] Cross-Site Scripting (XSS) vulnerabilities in SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) | 5.4 | Medium | 2020-04 | 2020/04/14 | Program error | BI/BO platform | ENTERPRISE 420 |
| 2876059 | BI-BIP-INV | [CVE-2020-6216] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BILaunchpad/ Opendocument) | 6.1 | Medium | 2020-04 | 2020/04/14 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 2898077 | BI-DEV-WEB | [CVE-2020-6237] Information Disclosure in SAP Business Objects Business Intelligence Platform (dswsbobje Web Application) | 7.5 | High | 2020-04 | 2020/04/14 | Program error | BI/BO platform | ENTERPRISE 410, ENTERPRISE 420, ENTERPRISE 430 |
| 2918762 | XX-PART-ADB-IFM | Multiple vulnerabilities in Adobe LiveCycle Designer 11.0 | 6.5 | Medium | 2020-06 | 2020/06/09 | Program error | Adobe LiveCycle Designer | ENTERPRISE 420 |
| 2918924 | CEC-COM-CPS | [CVE-2020-6265] Use of Hard-coded Credentials in SAP Commerce and SAP Commerce Datahub | 9.8 | Hot News | 2020-06 | 2020/06/09 | Program error | SAP Cloud Commerce | ENTERPRISE 420 |
| 2905836 | BI-DEV-WEB | [CVE-2020-6269] Information Disclosure in SAP Business Objects Business Intelligence Platform | 4.3 | Medium | 2020-06 | 2020/06/09 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 2849967 | BI-BIP-AUT | [CVE-2020-6276] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (Bipodata) | 6.1 | Medium | 2020-07 | 2020/07/14 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 2912708 | BI-BIP-INV | [CVE-2020-6278] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC) | 5.4 | Medium | 2020-07 | 2020/07/14 | Program error | BI/BO platform | ENTERPRISE 410, ENTERPRISE 420, ENTERPRISE 430 |
| 2917743 | BI-BIP-INV | [CVE-2020-6281] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (BI Launch pad) | 6.1 | Medium | 2020-07 | 2020/07/14 | Program error | BI/BO platform | ENTERPRISE 420 |
| 2927956 | BI-RA-CR | [CVE-2020-6294] Missing Authentication check in SAP BusinessObjects Business Intelligence Platform | 8.5 | High | 2020-08 | 2020/08/11 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 2921615 | BI-BIP-SRV | BI Platform stores SAP BW Authentication Password as clear text | 5.5 | Medium | 2020-08 | 2020/08/11 | Program error | BI/BO platform | ENTERPRISE 410, ENTERPRISE 420, ENTERPRISE 430 |
| 2925827 | BI-BIP-CMC | [CVE-2020-6300] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects Business Intelligence Platform (Central Management Console) | 4.8 | Medium | 2020-08 | 2020/08/11 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 2965154 | BI-RA-WBI-FE | [CVE-2021-21447] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) | 5.4 | Medium | 2021-01 | 2021/01/12 | Program error | BI/BO platform | ENTERPRISE 410, ENTERPRISE 420 |
| 2935791 | BI-BIP-CMC | [CVE-2021-21444] Clickjacking vulnerability in SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) | 5.4 | Medium | 2021-02 | 2021/02/09 | Program error | BI/BO platform | ENTERPRISE 410, ENTERPRISE 420, ENTERPRISE 430 |
| 3044751 | BI-RA-WBI-FE-HTM | [CVE-2021-33667] Information Disclosure in SAP Business Objects Web Intelligence (BI Launchpad) | 4.3 | Medium | 2021-07 | 2021/07/13 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 2930128 | BI-BIP-BIW | [CVE-2020-6325] Multiple Vulnerabilities in SAP BusinessObjects Business Intelligence Platform | 5.4 | Medium | 2020-09 | 2020/09/08 | Program error | BI/BO platform | ENTERPRISE 410, ENTERPRISE 420 |
| 2911863 | BI-BIP-CMC | Information Disclosure in BOE/CMC application | 5.3 | Medium | 2021-04 | 2021/04/13 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 3098917 | BI-RA-AWB | [CVE-2021-40497] Information Disclosure in SAP BusinessObjects Analysis (edition for OLAP) | 4.3 | Medium | 2021-10 | 2021/10/12 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 2943844 | BI-DEV-JAV | [CVE-2020-6308] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Services) | 5.3 | Medium | 2020-10 | 2020/10/13 | Program error | BI/BO platform | ENTERPRISE 410, ENTERPRISE 420, ENTERPRISE 430 |
| 2861301 | BI-RA-CR | [CVE-2020-6208] Remote Code Execution in SAP Business Objects Business Intelligence Platform (Crystal Reports) | 8.2 | High | 2020-03 | 2020/03/10 | Program error | BI/BO platform | ENTERPRISE 410, ENTERPRISE 420, ENTERPRISE 430, CRYSTAL REPORTS FOR VS 2010 |
| 3062085 | BI-RA-CR-VW | [CVE-2021-33696] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Crystal Report) | 5.4 | Medium | 2021-08 | 2021/08/10 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 2880804 | BI-RA-WBI-FE-HTM | [CVE-2020-6222] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) | 5.4 | Medium | 2020-04 | 2020/04/14 | Program error | BI/BO platform | ENTERPRISE 410, ENTERPRISE 420 |
| 3055180 | BI-BIP-INV | [CVE-2021-33679] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) | 5.4 | Medium | 2021-09 | 2021/09/14 | Program error | BI/BO platform | ENTERPRISE 420 |
| 3063048 | BI-BIP-INV | [CVE-2021-33697] Reverse Tabnabbing in SAP BusinessObjects Business Intelligence Platform (SAP UI5) | 4.7 | Medium | 2021-08 | 2021/08/10 | Program error | BI/BO platform | ENTERPRISE 420, ENTERPRISE 430 |
| 3074693 | BI-RA-CR-DB | [CVE-2021-40500] Missing XML Validation in SAP BusinessObjects Business Intelligence Platform (Crystal Reports) | 6.9 | Medium | 2021-10 | 2021/10/12 | Program error | BI/BO platform | CRYSTAL REPORTS 42, CRYSTAL REPORTS 43, ENTERPRISE 420, ENTERPRISE 430 |

© Copyright 2022 by SecurityBridge // NCMI GmbH