3169036 - BI 4.2 / 4.3 / 2025 / 2027 - Fixed CVE and Vulnerabilities List

Symptom

How to find all the CVEs fixed in BI 4.2 and BI 4.3 in a Support Pack and / or Patch ?

Note:

Information in this KBA is organized / updated based on SAP Security Notes released on SAP Security Patch Day evey month.
Information in this KBA is specific to Security Fixes released vide BusinessObjects Business Intelligence (BI) Platform Support Packs and Patches.

How can Customers use the information in this KBA:

Identify the Security Fixes released in higher patches above the current patch in the Production landscape.
Click on the corresponding SAP Note link and review the Symptom and Criticality (CVSS Score) of the fixed vulnerability documented in the SAP Note.
Consider this information while planning for the next SAP BusinessObjects Business Intelligence (BI) Platform upgrade.

Environment

SAP BusinessObjects Business Intelligence 4.x (4.2 / 4.3)
SAP BusinessObjects Business Intelligence 2025
SAP BusinessObjects Business Intelligence 2027

Product

SAP BusinessObjects Business Intelligence platform 2025 ; SAP BusinessObjects Business Intelligence platform 2027 ; SAP BusinessObjects Business Intelligence platform 4.2 ; SAP BusinessObjects Business Intelligence platform 4.3

Keywords

SAP Business Objects 4.x fixed vulnerability list SQL Injection Cross-Site Scripting (XSS) URL Redirection Information Disclosure Stored & Reflected XSS Content Spoofing Missing Authentication check Clickjacking Reverse Tabnabbing Missing XML Validation Security Patch Day Fixes Fix , KBA , BI-BIP-SEC , Security Vulnerabilities in SAP BusinessObjects , BI-BIP-INV , InfoView, BI launch pad , BI-BIP-CMC , Central Management Console (CMC) , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.