Lucene search
K
SapBusinessobjects Edge

6 matches found

CVE
CVE
added 2021/08/09 6:3 p.m.73 views

CVE-2015-2073

The CVE-2015-2073 vulnerability affects SAP BusinessObjects Edge 4.0, specifically the File Repository Server (FRS) CORBA listener, which allows remote read access to arbitrary files via a full pathname. Root cause: unauthorized file read through CORBA interface without authentication; attacker n...

7.5CVSS7.3AI score0.03959EPSS
CVE
CVE
added 2021/08/09 6:3 p.m.71 views

CVE-2014-9320

CVE-2014-9320 affects SAP BusinessObjects Edge 4.1. An attacker can obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN via CORBA, enabling privilege escalation to SYSTEM. The issue originates from improper access control in CORBA calls, potentially exploitable by remote users (possibly without auth...

9.8CVSS9.2AI score0.04245EPSS
CVE
CVE
added 2021/08/09 6:3 p.m.67 views

CVE-2015-2074

The CVE-2015-2074 issue affects SAP BusinessObjects Edge 4.0: the File Repository Server (FRS) CORBA listener allows remote, unauthenticated writers to overwrite arbitrary files via a full pathname. Onapsis/SAP notes describe this vulnerability and patch SAP Note 2018681 with fixes for affected r...

7.5CVSS7.5AI score0.03499EPSS
Web
CVE
CVE
added 2015/10/15 8:0 p.m.55 views

CVE-2015-7730

CVE-2015-7730 affects SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3. A crafted GIOP packet can trigger an out-of-bounds read and listener crash, enabling remote denial of service. The entry documents this as SAP Security Note 2001108. Exploita...

10CVSS6.7AI score0.03628EPSS
CVE
CVE
added 2015/02/27 3:0 p.m.51 views

CVE-2015-2076

The CVE-2015-2076 vulnerability affects SAP BusinessObjects Edge 4.0, where an unauthenticated remote attacker could read auditing information via the Auditing service. The Onapsis advisory and SAP notes identify an unauthorized access risk exposing audit events (e.g., report names, universe quer...

5CVSS6.3AI score0.02329EPSS
CVE
CVE
added 2015/02/27 3:0 p.m.49 views

CVE-2015-2075

SAP BusinessObjects Edge 4.0 is vulnerable to an unauthenticated remote attack that can delete audit events from the auditee queue via the clearData CORBA operation. The root cause is improper authorization (CWE-285) in the CORBA interface, allowing an attacker to instruct the remote auditee to c...

5CVSS6.8AI score0.02839EPSS