Lucene search
HistoryApr 14, 2005 - 4:00 a.m.
CVE-2004-0533
cve-2004-0533
business objects
webintelligence
access control
remote authentication
file deletion
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
6.4 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
51.7%
Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.
Affected configurations
Node
businessobjectsinfoviewMatch5.1.4
ORbusinessobjectsinfoviewMatch5.1.5
ORbusinessobjectsinfoviewMatch5.1.6
ORbusinessobjectsinfoviewMatch5.1.7
ORbusinessobjectsinfoviewMatch5.1.8
ORbusinessobjectswebintelligenceMatch2.7
ORbusinessobjectswebintelligenceMatch2.7.1
ORbusinessobjectswebintelligenceMatch2.7.2
ORbusinessobjectswebintelligenceMatch2.7.3
ORbusinessobjectswebintelligenceMatch2.7.4
Related
nvd
nvd
CVE-2004-0533
2004-12-31 05:00:00
securityvulns
securityvulns
cvelist
cvelist
CVE-2004-0533
2005-04-14 04:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
6.4 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
51.7%
Related for CVE-2004-0533