Vulnerabilities > SAP > Businessobjects > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-10-15 | CVE-2015-7730 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP products SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108. | 10.0 |
2014-12-17 | CVE-2014-9387 | Permissions, Privileges, and Access Controls vulnerability in SAP Businessobjects 4.1 SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. | 10.0 |
2010-10-18 | CVE-2010-0219 | Credentials Management vulnerability in multiple products Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. | 10.0 |
2010-10-18 | CVE-2010-3983 | Permissions, Privileges, and Access Controls vulnerability in SAP Businessobjects 3.2 CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property. | 9.0 |