Vulnerabilities > SAP > Businessobjects Edge

DATE CVE VULNERABILITY TITLE RISK
2021-08-09 CVE-2014-9320 Improper Authentication vulnerability in SAP Businessobjects Edge 4.1
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.
network
sap CWE-287
critical
9.3
2021-08-09 CVE-2015-2073 Path Traversal vulnerability in SAP Businessobjects Edge 4.0
The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682.
network
low complexity
sap CWE-22
5.0
2021-08-09 CVE-2015-2074 Path Traversal vulnerability in SAP Businessobjects Edge 4.0
The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.
network
low complexity
sap CWE-22
5.0
2015-10-15 CVE-2015-7730 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP products
SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.
network
low complexity
sap CWE-119
critical
10.0
2015-02-27 CVE-2015-2076 Information Exposure vulnerability in SAP Businessobjects Edge 4.0
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395.
network
low complexity
sap CWE-200
5.0
2015-02-27 CVE-2015-2075 Permissions, Privileges, and Access Controls vulnerability in SAP Businessobjects Edge 4.0
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.
network
low complexity
sap CWE-264
5.0