CVE-2015-7730
Description
SAP BusinessObjects BI Platform, Edge, and BOXI are vulnerable to denial of service via a crafted GIOP packet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An out-of-bounds read vulnerability exists in the GIOP listener of SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3. A malformed GIOP packet triggers an invalid memory read, causing the listener process to crash [1][2].
Exploitation
An unauthenticated remote attacker can exploit this by sending a specially crafted GIOP packet to the vulnerable listener service over the network. No authentication or user interaction is required [1].
Impact
Successful exploitation results in a denial of service (DoS) due to the listener crash, rendering the BI platform unavailable. The attacker may also read arbitrary memory, potentially leading to information disclosure [2].
Mitigation
SAP has released Security Note 2001108 to address this vulnerability. Affected customers should apply the note as soon as possible. No workarounds are documented in the available references [1][2].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:sap:businessobjects:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:sap:businessobjects_edge:4.0:*:*:*:*:*:*:*
- (no CPE) range: = 4.0
- cpe:2.3:a:sap:businessobjects_xi:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:sap:businessobjects_xi:r3:*:*:*:*:*:*:*
- (no CPE) range: = 3.1 R3
- Range: = 4.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (4)
News mentions
No linked articles in our index yet.