18 matches found
Design/Logic Flaw
The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682...
CVE-2015-2074
The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681...
CVE-2015-2074
The CVE-2015-2074 issue affects SAP BusinessObjects Edge 4.0: the File Repository Server (FRS) CORBA listener allows remote, unauthenticated attackers to overwrite arbitrary files via a full pathname. Onapsis/SAP notes describe this vulnerability and patch SAP Note 2018681 with fixes for affected r...
CVE-2015-2073
The CVE-2015-2073 vulnerability affects SAP BusinessObjects Edge 4.0, specifically the File Repository Server (FRS) CORBA listener, which allows remote read access to arbitrary files via a full pathname. Root cause: unauthorized file read through CORBA interface without authentication; attacker n...
CVE-2015-2075
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396...
CVE-2015-2075
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396...
Design/Logic Flaw
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395...
Design/Logic Flaw
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396...
CVE-2015-2075
SAP BusinessObjects Edge 4.0 is vulnerable to an unauthenticated remote attack that can delete audit events from the auditee queue via the clearData CORBA operation. The root cause is improper authorization (CWE-285) in the CORBA interface, allowing an attacker to instruct the remote auditee to c...
CVE-2015-2076
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395...
CVE-2015-2076
The CVE-2015-2076 vulnerability affects SAP BusinessObjects Edge 4.0, where an unauthenticated remote attacker could read auditing information via the Auditing service. The Onapsis advisory and SAP notes identify an unauthorized access risk exposing audit events (e.g., report names, universe quer...
CVE-2014-8308
Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-8310
The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via a crafted OSCAFactory::Session ORB message...
CVE-2014-8310
The CVE-2014-8310 entry affects SAP BusinessObjects BI Edge 4.0, specifically the CMS CORBA listener. A vulnerability in the OSCAFactory::Session ORB handling allows remote attackers to cause a denial of service (server shutdown). The available data does not specify exploit details beyond the cra...
CVE-2014-8311
CVE-2014-8311 affects SAP BusinessObjects Edge 4.0. Remote attackers can obtain sensitive information via an InfoStore query to a CORBA listener, causing information disclosure. The provided sources do not specify affected subversions or a fixed patch in this context. Exploitation details are not...
CVE-2014-8311
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener...
CVE-2014-8308
Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-8308
CVE-2014-8308 is an XSS vulnerability in SAP BusinessObjects BI EDGE 4.0’s Send to Inbox function. CVSS2 base score 4.3 (MEDIUM); attack vector NETWORK, attack complexity MEDIUM, no authentication, confidentiality impact NONE, integrity impact PARTIAL, availability impact NONE. Exploitation detai...