3169036 - BI 4.2 and BI 4.3 - Fixed CVE and Vulnerabilities List

How to find all the CVEs fixed in BI 4.2 and BI 4.3 in a Support Pack and / or Patch ?

Note:

• Information in this KBA is organized / updated based on SAP Security Notes released on SAP Security Patch Day evey month.
• Information in this KBA is specific to Security Fixes released vide BusinessObjects Business Intelligence (BI) Platform Support Packs and Patches.

How can Customers use the information in this KBA:

1. Identify the Security Fixes released in higher patches above the current patch in the Production landscape.
2. Click on the corresponding SAP Note link and review the Symptom and Criticality (CVSS Score) of the fixed vulnerability documented in the SAP Note.
3. Consider this information while planning for the next SAP BusinessObjects Business Intelligence (BI) Platform upgrade.

Read more...

• SAP BusinessObjects Business Intelligence 4.x (4.2 / 4.3)

SAP BusinessObjects Business Intelligence platform 2025 ; SAP BusinessObjects Business Intelligence platform 2027 ; SAP BusinessObjects Business Intelligence platform 4.2 ; SAP BusinessObjects Business Intelligence platform 4.3

SAP Business Objects 4.x fixed vulnerability list SQL Injection Cross-Site Scripting (XSS) URL Redirection Information Disclosure Stored & Reflected XSS Content Spoofing Missing Authentication check Clickjacking Reverse Tabnabbing Missing XML Validation Security Patch Day Fixes Fix , KBA , BI-BIP-SEC , Security Vulnerabilities in SAP BusinessObjects , BI-BIP-INV , InfoView, BI launch pad , BI-BIP-CMC , Central Management Console (CMC) , Problem