CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2075 – SAP Business Objects Unauthorized Audit Information Delete
https://notcve.org/view.php?id=CVE-2015-2075
25 Feb 2015 — SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. SAP BusinessObjects Edge 4.0 permite a atacantes remotos borrar eventos de auditorias de la cola auditada a través de una operación clearData CORBA, también conocido como SAP Note 2011396. It is possible for an unauthenticated user to remove audit events from a remote BusinessObjects service using CORBA. Specifically, the attacker can tell the remote servi... • http://packetstormsecurity.com/files/130522/SAP-Business-Objects-Unauthorized-Audit-Information-Delete.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2076 – SAP Business Objects Unauthorized Audit Information Access
https://notcve.org/view.php?id=CVE-2015-2076
25 Feb 2015 — The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. El servicio Auditing en SAP BusinessObjects Edge 4.0 permite a atacantes remotos obtener información sensible leyendo un evento de auditoría, vulnerabilidad también conocida como SAP Note 2011395. It is possible for an unauthenticated user to retrieve any audit events from a remote BusinessObjects service. This can disclose sensitive information includ... • http://packetstormsecurity.com/files/130523/SAP-Business-Objects-Unauthorized-Audit-Information-Access.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2015-2073 – SAP Business Objects Unauthorized File Repository Server Read
https://notcve.org/view.php?id=CVE-2015-2073
25 Feb 2015 — The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. El File RepositoRy Server (FRS) CORBA listener en SAP BussinessObjects Edge versión 4.0, permite a atacantes remotos leer archivos arbitrarios por medio de una ruta completa, también se conoce como SAP Note 2018682 Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file st... • https://packetstorm.news/files/id/130520 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8308
https://notcve.org/view.php?id=CVE-2014-8308
16 Oct 2014 — Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la funcionalidad Send to Inbox en SAP BusinessObjects BI EDGE 4.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores sin especificar. • http://packetstormsecurity.com/files/128602/SAP-BusinessObjects-Persistent-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2014-8310
https://notcve.org/view.php?id=CVE-2014-8310
16 Oct 2014 — The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. El servicio de escucha CMS CORBA en SAP BusinessObjects BI Edge 4.0 permite a atacantes remotos provocar una denegación de servicio (apagado del servidor) a través de un mensaje OSCAFactory::Session ORB manipulado. • http://packetstormsecurity.com/files/128600/SAP-Business-Objects-Denial-Of-Service-Via-CORBA.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8311
https://notcve.org/view.php?id=CVE-2014-8311
16 Oct 2014 — SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. BusinessObjects Edge 4.0 permite a atacantes remotos obtener información sensible a través de una petición InfoStore a un servicio de escucha CORBA. • http://packetstormsecurity.com/files/128601/SAP-Business-Objects-Information-Disclosure-Via-CORBA.html •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8309
https://notcve.org/view.php?id=CVE-2014-8309
16 Oct 2014 — SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service. SAP BusinessObjects 4.0 y BusinessObjects XI (BOXI) R2 y 3.1 generan mensajes de error tras un intento de inicio de sesión fallido con diferente tiempo de retraso dependiendo de si la cuenta de... • http://scn.sap.com/docs/DOC-8218 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •