CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2015-7730
https://notcve.org/view.php?id=CVE-2015-7730
15 Oct 2015 — SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108. SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0 y BusinessObjects XI (BOXI) 3.1 R3 permite a atacantes remotos causar una denegación de servicio (lectura fuera de limite y caída del receptor) a través de un paquete GIOP manipulado, también conocido... • http://seclists.org/fulldisclosure/2015/Sep/81 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2015-2074 – SAP Business Objects Unauthorized File Repository Server Write
https://notcve.org/view.php?id=CVE-2015-2074
25 Feb 2015 — The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681. El File Repository Server (FRS) CORBA listener en SAP BussinessObjects Edge versión 4.0, permite a atacantes remotos escribir en archivos arbitrarios por medio de una ruta completa, también se conoce como SAP Note 2018681 Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows the writing of ... • https://packetstorm.news/files/id/130521 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2075 – SAP Business Objects Unauthorized Audit Information Delete
https://notcve.org/view.php?id=CVE-2015-2075
25 Feb 2015 — SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. SAP BusinessObjects Edge 4.0 permite a atacantes remotos borrar eventos de auditorias de la cola auditada a través de una operación clearData CORBA, también conocido como SAP Note 2011396. It is possible for an unauthenticated user to remove audit events from a remote BusinessObjects service using CORBA. Specifically, the attacker can tell the remote servi... • http://packetstormsecurity.com/files/130522/SAP-Business-Objects-Unauthorized-Audit-Information-Delete.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2076 – SAP Business Objects Unauthorized Audit Information Access
https://notcve.org/view.php?id=CVE-2015-2076
25 Feb 2015 — The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. El servicio Auditing en SAP BusinessObjects Edge 4.0 permite a atacantes remotos obtener información sensible leyendo un evento de auditoría, vulnerabilidad también conocida como SAP Note 2011395. It is possible for an unauthenticated user to retrieve any audit events from a remote BusinessObjects service. This can disclose sensitive information includ... • http://packetstormsecurity.com/files/130523/SAP-Business-Objects-Unauthorized-Audit-Information-Access.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2015-2073 – SAP Business Objects Unauthorized File Repository Server Read
https://notcve.org/view.php?id=CVE-2015-2073
25 Feb 2015 — The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. El File RepositoRy Server (FRS) CORBA listener en SAP BussinessObjects Edge versión 4.0, permite a atacantes remotos leer archivos arbitrarios por medio de una ruta completa, también se conoce como SAP Note 2018682 Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file st... • https://packetstorm.news/files/id/130520 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2014-9320 – SAP Business Objects Search Token Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-9320
16 Dec 2014 — SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905. SAP BusinessObjects Edge versión 4.1, permite a atacantes remotos obtener el token SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN y, en consecuencia, alcanzar privilegios SYSTEM por medio de vectores que implican llamadas CORBA, también se conoce como SAP Note 2039905 By exploiting a search token privilege escal... • http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html • CWE-287: Improper Authentication •