VYPR

Businessobjects Edge

by SAP

CVEs (10)

  • CVE-2014-9320CriAug 9, 2021
    risk 0.64cvss 9.8epss 0.04

    SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.

  • CVE-2015-2074HigAug 9, 2021
    risk 0.49cvss 7.5epss 0.04

    The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.

  • CVE-2015-2073HigAug 9, 2021
    risk 0.49cvss 7.5epss 0.04

    The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682.

  • CVE-2015-7730Oct 15, 2015
    risk 0.00cvss epss 0.04

    SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.

  • CVE-2015-2076Feb 27, 2015
    risk 0.00cvss epss 0.02

    The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395.

  • CVE-2015-2075Feb 27, 2015
    risk 0.00cvss epss 0.03

    SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.

  • CVE-2014-9387Dec 17, 2014
    risk 0.00cvss epss 0.05

    SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.

  • CVE-2014-8311Oct 16, 2014
    risk 0.00cvss epss 0.02

    SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.

  • CVE-2014-8310Oct 16, 2014
    risk 0.00cvss epss 0.03

    The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message.

  • CVE-2014-8308Oct 16, 2014
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.