GCVE - cpe:2.3:a:sap:businessobjects:4.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:sap:businessobjects:4.0:*:*:*:*:*:*:*

part: a version: 4.0 update: *

Vendor	Sap (`dd5aa0c0-20b0-5c86-a937-aa29f1a33b77`)
Product	Businessobjects (`41449a32-b994-5050-a032-626373b63fd6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-2408`	vulnerable	2026-06-03 14:38:46.639665	Details available HIGH (7.3) Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active. Published: 2018-04-10T15:00:00.000Z Updated: 2024-08-05T04:21:32.886Z Open on db.gcve.eu Reference links https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/ https://launchpad.support.sap.com/#/notes/2537150 http://www.securityfocus.com/bid/103700	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-8311`	vulnerable	2026-06-03 14:34:23.550398	Details available SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. Published: 2014-10-16T19:00:00.000Z Updated: 2024-08-06T13:10:51.033Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/96876 http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-031 http://www.securityfocus.com/archive/1/533648/100/0/threaded http://seclists.org/fulldisclosure/2014/Oct/39 https://service.sap.com/sap/support/notes/1998990	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-8310`	vulnerable	2026-06-03 14:34:23.550047	Details available The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. Published: 2014-10-16T19:00:00.000Z Updated: 2024-08-06T13:10:51.045Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/70308 https://exchange.xforce.ibmcloud.com/vulnerabilities/96875 http://seclists.org/fulldisclosure/2014/Oct/40 http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-030 http://www.securityfocus.com/archive/1/533646/100/0/threaded	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-8309`	vulnerable	2026-06-03 14:34:23.548090	Details available SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service. Published: 2014-10-16T19:00:00.000Z Updated: 2024-08-06T13:10:51.142Z Open on db.gcve.eu Reference links https://service.sap.com/sap/support/notes/2001109 https://exchange.xforce.ibmcloud.com/vulnerabilities/96874 http://www.securityfocus.com/archive/1/533647/100/0/threaded http://seclists.org/fulldisclosure/2014/Oct/42 http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-029	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-8308`	vulnerable	2026-06-03 14:34:23.547632	Details available Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2014-10-16T19:00:00.000Z Updated: 2024-08-06T13:10:51.141Z Open on db.gcve.eu Reference links https://service.sap.com/sap/support/notes/1941562 http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-032 http://seclists.org/fulldisclosure/2014/Oct/41 https://exchange.xforce.ibmcloud.com/vulnerabilities/96873 http://scn.sap.com/docs/DOC-8218	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.