5

CVE-2014-8316

Exploit
XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAPBusinessobjects Explorer Version14.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.79% 0.845
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://scn.sap.com/docs/DOC-55451
Vendor Advisory
http://packetstormsecurity.com/files/128633/SAP-BusinessObjects-Explorer-14.0.5-XXE-Injection.html
Exploit
http://seclists.org/fulldisclosure/2014/Oct/50
Exploit
http://www.csnc.ch/misc/files/advisories/CSNC-2013-018_SAP_BusinessObjects_Explorer_XXE.txt
Exploit
http://www.securityfocus.com/archive/1/533673/100/0/threaded
http://www.securityfocus.com/bid/70384
https://exchange.xforce.ibmcloud.com/vulnerabilities/96933
https://service.sap.com/sap/support/notes/1908531
Vendor Advisory