
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

25 Feb 2015 — SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. It is possible for an unauthenticated user to remove audit events from a remote BusinessObjects service using CORBA. Specifically, the attacker can tell the remote servi... • http://packetstormsecurity.com/files/130522/SAP-Business-Objects-Unauthorized-Audit-Information-Delete.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

25 Feb 2015 — The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. It is possible for an unauthenticated user to retrieve any audit events from a remote BusinessObjects service. This can disclose sensitive information includ... • http://packetstormsecurity.com/files/130523/SAP-Business-Objects-Unauthorized-Audit-Information-Access.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 | EPSS: 2% | CPEs: 1 | EXPL: 1

25 Feb 2015 — The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file st... • https://packetstorm.news/files/id/130520 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

16 Oct 2014 — Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://packetstormsecurity.com/files/128602/SAP-BusinessObjects-Persistent-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 3% | CPEs: 1 | EXPL: 0

16 Oct 2014 — The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. • http://packetstormsecurity.com/files/128600/SAP-Business-Objects-Denial-Of-Service-Via-CORBA.html • CWE-20: Improper Input Validation

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

16 Oct 2014 — SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. • http://packetstormsecurity.com/files/128601/SAP-Business-Objects-Information-Disclosure-Via-CORBA.html

CVSS: 5.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

16 Oct 2014 — SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service. • http://scn.sap.com/docs/DOC-8218 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor