CVE-2018-2432
https://notcve.org/view.php?id=CVE-2018-2432
SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking. SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) 4.10, 4.20 y 4.30 permite que un atacante incluya datos no validados en la cabecera de respuesta HTTP enviada a un usuario web. La explotación con éxito de esta vulnerabilidad podría desembocar en ataques avanzados, incluyendo Cross-Site Scripting (XSS) y el secuestro de páginas. • http://www.securityfocus.com/bid/104716 https://launchpad.support.sap.com/#/notes/2523290 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-2408
https://notcve.org/view.php?id=CVE-2018-2408
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active. Gestión incorrecta de sesión en SAP Business Objects, en su versión 4.0, desde la versión 4.20, 4.30, en CMC/BI Launchpad/Fiorified BI Launchpad. En el caso de que se cambie la contraseña de un usuario, el resto de sesiones activas creadas con la contraseña antigua seguirán estando activas. • http://www.securityfocus.com/bid/103700 https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018 https://launchpad.support.sap.com/#/notes/2537150 • CWE-384: Session Fixation •
CVE-2015-7730
https://notcve.org/view.php?id=CVE-2015-7730
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108. SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0 y BusinessObjects XI (BOXI) 3.1 R3 permite a atacantes remotos causar una denegación de servicio (lectura fuera de limite y caída del receptor) a través de un paquete GIOP manipulado, también conocido como SAP Security Note 2001108. • http://seclists.org/fulldisclosure/2015/Sep/81 http://www.securitytracker.com/id/1033637 https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition https://www.onapsis.com/research/security-advisories/SAP-Business-Objects-Memory-Corruption • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-9387
https://notcve.org/view.php?id=CVE-2014-9387
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. SAP BusinessObjects Edge 4.1 permite a atacantes remotos obtener la token SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN y obtener privilegios a través de una llamada CORBA manipulada, también conocido como SAP Note 2039905. • http://seclists.org/fulldisclosure/2014/Dec/60 http://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba http://www.securityfocus.com/archive/1/534249/100/0/threaded • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-9320
https://notcve.org/view.php?id=CVE-2014-9320
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905. SAP BusinessObjects Edge versión 4.1, permite a atacantes remotos obtener el token SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN y, en consecuencia, alcanzar privilegios SYSTEM por medio de vectores que implican llamadas CORBA, también se conoce como SAP Note 2039905 • http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html http://seclists.org/fulldisclosure/2014/Dec/60 https://exchange.xforce.ibmcloud.com/vulnerabilities/99607 https://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba https://www.securityfocus.com/archive/1/archive/1/534249/100/0/threaded • CWE-287: Improper Authentication •