CVE-2015-7730
https://notcve.org/view.php?id=CVE-2015-7730
15 Oct 2015 — SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108. • http://seclists.org/fulldisclosure/2015/Sep/81 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2074 – SAP Business Objects Unauthorized File Repository Server Write
https://notcve.org/view.php?id=CVE-2015-2074
25 Feb 2015 — The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681. Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows the writing of ... • https://packetstorm.news/files/id/130521 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-2075 – SAP Business Objects Unauthorized Audit Information Delete
https://notcve.org/view.php?id=CVE-2015-2075
25 Feb 2015 — SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. It is possible for an unauthenticated user to remove audit events from a remote BusinessObjects service using CORBA. Specifically, the attacker can tell the remote servi... • http://packetstormsecurity.com/files/130522/SAP-Business-Objects-Unauthorized-Audit-Information-Delete.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-2076 – SAP Business Objects Unauthorized Audit Information Access
https://notcve.org/view.php?id=CVE-2015-2076
25 Feb 2015 — The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. It is possible for an unauthenticated user to retrieve any audit events from a remote BusinessObjects service. This can disclose sensitive information includ... • http://packetstormsecurity.com/files/130523/SAP-Business-Objects-Unauthorized-Audit-Information-Access.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2073 – SAP Business Objects Unauthorized File Repository Server Read
https://notcve.org/view.php?id=CVE-2015-2073
25 Feb 2015 — The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file st... • https://packetstorm.news/files/id/130520 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-9387
https://notcve.org/view.php?id=CVE-2014-9387
17 Dec 2014 — SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. • http://seclists.org/fulldisclosure/2014/Dec/60 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-9320 – SAP Business Objects Search Token Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-9320
16 Dec 2014 — SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905. By exploiting a search token privilege escal... • http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html • CWE-287: Improper Authentication
CVE-2014-8308
https://notcve.org/view.php?id=CVE-2014-8308
16 Oct 2014 — Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://packetstormsecurity.com/files/128602/SAP-BusinessObjects-Persistent-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8316
https://notcve.org/view.php?id=CVE-2014-8316
16 Oct 2014 — XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request. • http://packetstormsecurity.com/files/128633/SAP-BusinessObjects-Explorer-14.0.5-XXE-Injection.html
CVE-2014-8315
https://notcve.org/view.php?id=CVE-2014-8315
16 Oct 2014 — polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on whether a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter. • http://seclists.org/fulldisclosure/2014/Oct/48 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor