Vulnerabilities > CVE-2014-8316 - Unspecified vulnerability in SAP Businessobjects Explorer 14.0.5
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://packetstormsecurity.com/files/128633/SAP-BusinessObjects-Explorer-14.0.5-XXE-Injection.html
- http://packetstormsecurity.com/files/128633/SAP-BusinessObjects-Explorer-14.0.5-XXE-Injection.html
- http://scn.sap.com/docs/DOC-55451
- http://scn.sap.com/docs/DOC-55451
- http://seclists.org/fulldisclosure/2014/Oct/50
- http://seclists.org/fulldisclosure/2014/Oct/50
- http://www.csnc.ch/misc/files/advisories/CSNC-2013-018_SAP_BusinessObjects_Explorer_XXE.txt
- http://www.csnc.ch/misc/files/advisories/CSNC-2013-018_SAP_BusinessObjects_Explorer_XXE.txt
- http://www.securityfocus.com/archive/1/533673/100/0/threaded
- http://www.securityfocus.com/archive/1/533673/100/0/threaded
- http://www.securityfocus.com/bid/70384
- http://www.securityfocus.com/bid/70384
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96933
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96933
- https://service.sap.com/sap/support/notes/1908531
- https://service.sap.com/sap/support/notes/1908531