5 matches found
Design/Logic Flaw
The File RepositoRy Server FRS CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682...
CVE-2015-2075
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396...
CVE-2015-2075
SAP BusinessObjects Edge 4.0 is vulnerable to an unauthenticated remote attack that can delete audit events from the auditee queue via the clearData CORBA operation. The root cause is improper authorization (CWE-285) in the CORBA interface, allowing an attacker to instruct the remote auditee to c...
CVE-2015-2076
The CVE-2015-2076 vulnerability affects SAP BusinessObjects Edge 4.0, where an unauthenticated remote attacker could read auditing information via the Auditing service. The Onapsis advisory and SAP notes identify an unauthorized access risk exposing audit events (e.g., report names, universe quer...
CVE-2014-8311
CVE-2014-8311 affects SAP BusinessObjects Edge 4.0. Remote attackers can obtain sensitive information via an InfoStore query to a CORBA listener, causing information disclosure. The provided sources do not specify affected subversions or a fixed patch in this context. Exploitation details are not...