CVE-2014-9387
https://notcve.org/view.php?id=CVE-2014-9387
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.
• http://seclists.org/fulldisclosure/2014/Dec/60
• http://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba
• http://www.securityfocus.com/archive/1/534249/100/0/threaded
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-9320
https://notcve.org/view.php?id=CVE-2014-9320
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.
• http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html
• http://seclists.org/fulldisclosure/2014/Dec/60
• https://exchange.xforce.ibmcloud.com/vulnerabilities/99607
• https://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba
• https://www.securityfocus.com/archive/1/archive/1/534249/100/0/threaded
• CWE-287: Improper Authentication
CVE-2014-8310
https://notcve.org/view.php?id=CVE-2014-8310
The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via a crafted OSCAFactory::Session ORB message.
• http://packetstormsecurity.com/files/128600/SAP-Business-Objects-Denial-Of-Service-Via-CORBA.html
• http://scn.sap.com/docs/DOC-8218
• http://seclists.org/fulldisclosure/2014/Oct/40
• http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-030
• http://www.securityfocus.com/archive/1/533646/100/0/threaded
• http://www.securityfocus.com/bid/70308
• https://exchange.xforce.ibmcloud.com/vulnerabilities/96875
• https://service.sap.com/sap/support/notes/2001106
• CWE-20: Improper Input Validation
CVE-2014-8311
https://notcve.org/view.php?id=CVE-2014-8311
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.
• http://packetstormsecurity.com/files/128601/SAP-Business-Objects-Information-Disclosure-Via-CORBA.html
• http://seclists.org/fulldisclosure/2014/Oct/39
• http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-031
• http://www.securityfocus.com/archive/1/533648/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/96876
• https://service.sap.com/sap/support/notes/1998990
CVE-2014-8308
https://notcve.org/view.php?id=CVE-2014-8308
Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://packetstormsecurity.com/files/128602/SAP-BusinessObjects-Persistent-Cross-Site-Scripting.html
• http://scn.sap.com/docs/DOC-8218
• http://seclists.org/fulldisclosure/2014/Oct/41
• http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-032
• http://www.securityfocus.com/archive/1/533649/100/0/threaded
• http://www.securityfocus.com/bid/70290
• https://exchange.xforce.ibmcloud.com/vulnerabilities/96873
• https://service.sap.com/sap/support/notes/1941562
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')