CVE-2014-9320
SAP Business Objects Search Token Privilege Escalation
Public Exploits: 0
Exploited in Wild: -
Descriptions
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.
By exploiting a search token privilege escalation vulnerability, a remote and potentially unauthenticated attacker would be able to access or modify any information stored on the SAP BusinessObjects server. The attacker could also connect to the business systems depending on the configuration of the BO infrastructure. BusinessObjects Edge version 4.1 is affected.
SSVC
- Decision: -
Timeline
- 2014-12-07 CVE Reserved
- 2014-12-16 CVE Published
- 2024-08-06 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
References (5)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/99607 | Third Party Advisory | |
https://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba | Broken Link | |
https://www.securityfocus.com/archive/1/archive/1/534249/100/0/threaded | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
http://seclists.org/fulldisclosure/2014/Dec/60 | 2021-08-17 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sap | Businessobjects Edge | 4.1 | - | Affected |