GCVE - cpe:2.3:a:sap:businessobjects:4.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:sap:businessobjects:4.2:*:*:*:*:*:*:*

part: a version: 4.2 update: *

Vendor	Sap (`dd5aa0c0-20b0-5c86-a937-aa29f1a33b77`)
Product	Businessobjects (`41449a32-b994-5050-a032-626373b63fd6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-0303`	vulnerable	2026-06-03 14:39:19.061268	Details available SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. This could be used by an attacker to build a special url that execute custom JavaScript code when the url is accessed. Published: 2019-06-14T18:50:18.000Z Updated: 2024-08-04T17:44:16.390Z Open on db.gcve.eu Reference links https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242 https://launchpad.support.sap.com/#/notes/2637997	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-0289`	vulnerable	2026-06-03 14:39:19.048592	Details available Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. Published: 2019-05-14T20:20:44.000Z Updated: 2024-08-04T17:44:16.424Z Open on db.gcve.eu Reference links https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032 https://launchpad.support.sap.com/#/notes/2738796	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-0287`	vulnerable	2026-06-03 14:39:19.046904	Details available Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted. Published: 2019-05-14T20:20:27.000Z Updated: 2024-08-04T17:44:16.324Z Open on db.gcve.eu Reference links https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032 https://launchpad.support.sap.com/#/notes/2737278 http://www.securityfocus.com/bid/108316	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-0259`	vulnerable	2026-06-03 14:39:18.958913	Details available SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. Published: 2019-02-15T18:00:00.000Z Updated: 2024-08-04T17:44:16.377Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/106997 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 https://launchpad.support.sap.com/#/notes/2727564	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-0251`	vulnerable	2026-06-03 14:39:18.942511	Details available The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Published: 2019-02-15T18:00:00.000Z Updated: 2024-08-04T17:44:16.593Z Open on db.gcve.eu Reference links https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 http://www.securityfocus.com/bid/106993 https://launchpad.support.sap.com/#/notes/2638175	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.