CVE-2014-8316
https://notcve.org/view.php?id=CVE-2014-8316
XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request. Vulnerabilidad XML External Entity (XXE) en polestar_xml.jsp en SAP BusinessObjects Explorer 14.0.5 build 882 permite a atacantes remotos leer archivos arbitrarios a través del parámetro xmlParameter en una petición explorationSpaceUpdate. • http://packetstormsecurity.com/files/128633/SAP-BusinessObjects-Explorer-14.0.5-XXE-Injection.html http://scn.sap.com/docs/DOC-55451 http://seclists.org/fulldisclosure/2014/Oct/50 http://www.csnc.ch/misc/files/advisories/CSNC-2013-018_SAP_BusinessObjects_Explorer_XXE.txt http://www.securityfocus.com/archive/1/533673/100/0/threaded http://www.securityfocus.com/bid/70384 https://exchange.xforce.ibmcloud.com/vulnerabilities/96933 https://service.sap.com/sap/support/notes/1908531 •
CVE-2014-8315
https://notcve.org/view.php?id=CVE-2014-8315
polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter. La aplicación polestar_xml.jsp en SAP BusinessObjects Explorer 14.0.5 build 882 responde con diferencias en el tiempo dependiendo si una conexión puede hacerse o no, lo que permite a atacantes remotos realizar ataques de escaneo de puertos a través del nombre del equipo y puerto en el parámetro cms. • http://seclists.org/fulldisclosure/2014/Oct/48 http://www.csnc.ch/misc/files/advisories/CSNC-2013-016_SAP_BusinessObjects_Explorer_Port-Scanning.txt http://www.securityfocus.com/archive/1/533672/100/0/threaded http://www.securityfocus.com/bid/70382 https://exchange.xforce.ibmcloud.com/vulnerabilities/96935 https://service.sap.com/sap/support/notes/1908562 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •