CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7730
https://notcve.org/view.php?id=CVE-2015-7730
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108. SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0 y BusinessObjects XI (BOXI) 3.1 R3 permite a atacantes remotos causar una denegación de servicio (lectura fuera de limite y caída del receptor) a través de un paquete GIOP manipulado, también conocido como SAP Security Note 2001108. • http://seclists.org/fulldisclosure/2015/Sep/81 http://www.securitytracker.com/id/1033637 https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition https://www.onapsis.com/research/security-advisories/SAP-Business-Objects-Memory-Corruption • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2076
https://notcve.org/view.php?id=CVE-2015-2076
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. El servicio Auditing en SAP BusinessObjects Edge 4.0 permite a atacantes remotos obtener información sensible leyendo un evento de auditoría, vulnerabilidad también conocida como SAP Note 2011395. • http://packetstormsecurity.com/files/130523/SAP-Business-Objects-Unauthorized-Audit-Information-Access.html http://seclists.org/fulldisclosure/2015/Feb/94 http://www.securityfocus.com/archive/1/534750/100/0/threaded http://www.securityfocus.com/bid/72775 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2075
https://notcve.org/view.php?id=CVE-2015-2075
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. SAP BusinessObjects Edge 4.0 permite a atacantes remotos borrar eventos de auditorias de la cola auditada a través de una operación clearData CORBA, también conocido como SAP Note 2011396. • http://packetstormsecurity.com/files/130522/SAP-Business-Objects-Unauthorized-Audit-Information-Delete.html http://seclists.org/fulldisclosure/2015/Feb/95 http://www.securityfocus.com/archive/1/534751/100/0/threaded http://www.securityfocus.com/bid/72778 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2074
https://notcve.org/view.php?id=CVE-2015-2074
The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681. El File Repository Server (FRS) CORBA listener en SAP BussinessObjects Edge versión 4.0, permite a atacantes remotos escribir en archivos arbitrarios por medio de una ruta completa, también se conoce como SAP Note 2018681 • http://packetstormsecurity.com/files/130521/SAP-Business-Objects-Unauthorized-File-Repository-Server-Write.html http://seclists.org/fulldisclosure/2015/Feb/93 http://www.securityfocus.com/archive/1/archive/1/534749/100/0/threaded http://www.securityfocus.com/bid/72776 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-2073
https://notcve.org/view.php?id=CVE-2015-2073
The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. El File RepositoRy Server (FRS) CORBA listener en SAP BussinessObjects Edge versión 4.0, permite a atacantes remotos leer archivos arbitrarios por medio de una ruta completa, también se conoce como SAP Note 2018682 • http://packetstormsecurity.com/files/130520/SAP-Business-Objects-Unauthorized-File-Repository-Server-Read.html http://seclists.org/fulldisclosure/2015/Feb/92 http://www.securityfocus.com/archive/1/archive/1/534748/100/0/threaded http://www.securityfocus.com/bid/72774 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •