Vulnerabilities > CVE-2014-8316 - Unspecified vulnerability in SAP Businessobjects Explorer 14.0.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request. <a href="http://cwe.mitre.org/data/definitions/611.html" target="_blank">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://packetstormsecurity.com/files/128633/SAP-BusinessObjects-Explorer-14.0.5-XXE-Injection.html
- http://scn.sap.com/docs/DOC-55451
- http://seclists.org/fulldisclosure/2014/Oct/50
- http://www.csnc.ch/misc/files/advisories/CSNC-2013-018_SAP_BusinessObjects_Explorer_XXE.txt
- http://www.securityfocus.com/archive/1/533673/100/0/threaded
- http://www.securityfocus.com/bid/70384
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96933
- https://service.sap.com/sap/support/notes/1908531