CVE-2015-2075
https://notcve.org/view.php?id=CVE-2015-2075
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. SAP BusinessObjects Edge 4.0 permite a atacantes remotos borrar eventos de auditorias de la cola auditada a través de una operación clearData CORBA, también conocido como SAP Note 2011396. • http://packetstormsecurity.com/files/130522/SAP-Business-Objects-Unauthorized-Audit-Information-Delete.html http://seclists.org/fulldisclosure/2015/Feb/95 http://www.securityfocus.com/archive/1/534751/100/0/threaded http://www.securityfocus.com/bid/72778 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-2074
https://notcve.org/view.php?id=CVE-2015-2074
The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681. El File Repository Server (FRS) CORBA listener en SAP BussinessObjects Edge versión 4.0, permite a atacantes remotos escribir en archivos arbitrarios por medio de una ruta completa, también se conoce como SAP Note 2018681 • http://packetstormsecurity.com/files/130521/SAP-Business-Objects-Unauthorized-File-Repository-Server-Write.html http://seclists.org/fulldisclosure/2015/Feb/93 http://www.securityfocus.com/archive/1/archive/1/534749/100/0/threaded http://www.securityfocus.com/bid/72776 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2015-2073
https://notcve.org/view.php?id=CVE-2015-2073
The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. El File RepositoRy Server (FRS) CORBA listener en SAP BussinessObjects Edge versión 4.0, permite a atacantes remotos leer archivos arbitrarios por medio de una ruta completa, también se conoce como SAP Note 2018682 • http://packetstormsecurity.com/files/130520/SAP-Business-Objects-Unauthorized-File-Repository-Server-Read.html http://seclists.org/fulldisclosure/2015/Feb/92 http://www.securityfocus.com/archive/1/archive/1/534748/100/0/threaded http://www.securityfocus.com/bid/72774 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2014-8310
https://notcve.org/view.php?id=CVE-2014-8310
The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message. El servicio de escucha CMS CORBA en SAP BusinessObjects BI Edge 4.0 permite a atacantes remotos provocar una denegación de servicio (apagado del servidor) a través de un mensaje OSCAFactory::Session ORB manipulado. • http://packetstormsecurity.com/files/128600/SAP-Business-Objects-Denial-Of-Service-Via-CORBA.html http://scn.sap.com/docs/DOC-8218 http://seclists.org/fulldisclosure/2014/Oct/40 http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-030 http://www.securityfocus.com/archive/1/533646/100/0/threaded http://www.securityfocus.com/bid/70308 https://exchange.xforce.ibmcloud.com/vulnerabilities/96875 https://service.sap.com/sap/support/notes/2001106 • CWE-20: Improper Input Validation •
CVE-2014-8311
https://notcve.org/view.php?id=CVE-2014-8311
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. BusinessObjects Edge 4.0 permite a atacantes remotos obtener información sensible a través de una petición InfoStore a un servicio de escucha CORBA. • http://packetstormsecurity.com/files/128601/SAP-Business-Objects-Information-Disclosure-Via-CORBA.html http://seclists.org/fulldisclosure/2014/Oct/39 http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-031 http://www.securityfocus.com/archive/1/533648/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/96876 https://service.sap.com/sap/support/notes/1998990 •