7.1

CVE-2014-8310

The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAPBusinessobjects Version4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.92% 0.852
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://scn.sap.com/docs/DOC-8218
Vendor Advisory
http://packetstormsecurity.com/files/128600/SAP-Business-Objects-Denial-Of-Service-Via-CORBA.html
http://seclists.org/fulldisclosure/2014/Oct/40
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-030
http://www.securityfocus.com/archive/1/533646/100/0/threaded
http://www.securityfocus.com/bid/70308
https://exchange.xforce.ibmcloud.com/vulnerabilities/96875
https://service.sap.com/sap/support/notes/2001106
Vendor Advisory