Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for businessobjects_edge by sap

    CVE-2015-2074 (GCVE-0-2015-2074)

    Vulnerability from nvd – Published: 2021-08-09 18:03 – Updated: 2024-08-06 05:02
    VLAI
    Summary
    The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-02-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:02:43.420Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/130521/SAP-Business-Objects-Unauthorized-File-Repository-Server-Write.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/534749/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Feb/93"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72776"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-09T18:03:10.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/130521/SAP-Business-Objects-Unauthorized-File-Repository-Server-Write.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/534749/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Feb/93"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/72776"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2074",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/130521/SAP-Business-Objects-Unauthorized-File-Repository-Server-Write.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/130521/SAP-Business-Objects-Unauthorized-File-Repository-Server-Write.html"
                },
                {
                  "name": "http://www.securityfocus.com/archive/1/archive/1/534749/100/0/threaded",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/534749/100/0/threaded"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2015/Feb/93",
                  "refsource": "MISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Feb/93"
                },
                {
                  "name": "http://www.securityfocus.com/bid/72776",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/72776"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2074",
        "datePublished": "2021-08-09T18:03:10.000Z",
        "dateReserved": "2015-02-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:02:43.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2073 (GCVE-0-2015-2073)

    Vulnerability from nvd – Published: 2021-08-09 18:03 – Updated: 2024-08-06 05:02
    VLAI
    Summary
    The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-02-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:02:43.405Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/130520/SAP-Business-Objects-Unauthorized-File-Repository-Server-Read.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/534748/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Feb/92"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72774"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-09T18:03:08.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/130520/SAP-Business-Objects-Unauthorized-File-Repository-Server-Read.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/534748/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Feb/92"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/72774"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2073",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/130520/SAP-Business-Objects-Unauthorized-File-Repository-Server-Read.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/130520/SAP-Business-Objects-Unauthorized-File-Repository-Server-Read.html"
                },
                {
                  "name": "http://www.securityfocus.com/archive/1/archive/1/534748/100/0/threaded",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/534748/100/0/threaded"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2015/Feb/92",
                  "refsource": "MISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Feb/92"
                },
                {
                  "name": "http://www.securityfocus.com/bid/72774",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/72774"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2073",
        "datePublished": "2021-08-09T18:03:08.000Z",
        "dateReserved": "2015-02-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:02:43.405Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9320 (GCVE-0-2014-9320)

    Vulnerability from nvd – Published: 2021-08-09 18:03 – Updated: 2024-08-06 13:40
    VLAI
    Summary
    SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-12-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:40:25.088Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/archive/1/archive/1/534249/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2014/Dec/60"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99607"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-09T18:03:15.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.securityfocus.com/archive/1/archive/1/534249/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Dec/60"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99607"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-9320",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html"
                },
                {
                  "name": "https://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba",
                  "refsource": "MISC",
                  "url": "https://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba"
                },
                {
                  "name": "https://www.securityfocus.com/archive/1/archive/1/534249/100/0/threaded",
                  "refsource": "MISC",
                  "url": "https://www.securityfocus.com/archive/1/archive/1/534249/100/0/threaded"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2014/Dec/60",
                  "refsource": "MISC",
                  "url": "http://seclists.org/fulldisclosure/2014/Dec/60"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99607",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99607"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-9320",
        "datePublished": "2021-08-09T18:03:15.000Z",
        "dateReserved": "2014-12-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:40:25.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7730 (GCVE-0-2015-7730)

    Vulnerability from nvd – Published: 2015-10-15 20:00 – Updated: 2024-08-06 07:58
    VLAI
    Summary
    SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-09-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:58:59.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.onapsis.com/research/security-advisories/SAP-Business-Objects-Memory-Corruption"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition"
              },
              {
                "name": "1033637",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1033637"
              },
              {
                "name": "20150922 [Onapsis Security Advisory 2015-013] SAP Business Objects Memory Corruption",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Sep/81"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-10-15T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.onapsis.com/research/security-advisories/SAP-Business-Objects-Memory-Corruption"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition"
            },
            {
              "name": "1033637",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1033637"
            },
            {
              "name": "20150922 [Onapsis Security Advisory 2015-013] SAP Business Objects Memory Corruption",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Sep/81"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7730",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.onapsis.com/research/security-advisories/SAP-Business-Objects-Memory-Corruption",
                  "refsource": "MISC",
                  "url": "https://www.onapsis.com/research/security-advisories/SAP-Business-Objects-Memory-Corruption"
                },
                {
                  "name": "https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition",
                  "refsource": "MISC",
                  "url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition"
                },
                {
                  "name": "1033637",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1033637"
                },
                {
                  "name": "20150922 [Onapsis Security Advisory 2015-013] SAP Business Objects Memory Corruption",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Sep/81"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7730",
        "datePublished": "2015-10-15T20:00:00.000Z",
        "dateReserved": "2015-10-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:58:59.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2076 (GCVE-0-2015-2076)

    Vulnerability from nvd – Published: 2015-02-27 15:00 – Updated: 2024-08-06 05:02
    VLAI
    Summary
    The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-02-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:02:43.316Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20150225 [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/534750/100/0/threaded"
              },
              {
                "name": "20150225 [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Feb/94"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/130523/SAP-Business-Objects-Unauthorized-Audit-Information-Access.html"
              },
              {
                "name": "72775",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72775"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20150225 [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/534750/100/0/threaded"
            },
            {
              "name": "20150225 [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Feb/94"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/130523/SAP-Business-Objects-Unauthorized-Audit-Information-Access.html"
            },
            {
              "name": "72775",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/72775"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2076",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20150225 [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/534750/100/0/threaded"
                },
                {
                  "name": "20150225 [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Feb/94"
                },
                {
                  "name": "http://packetstormsecurity.com/files/130523/SAP-Business-Objects-Unauthorized-Audit-Information-Access.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/130523/SAP-Business-Objects-Unauthorized-Audit-Information-Access.html"
                },
                {
                  "name": "72775",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/72775"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2076",
        "datePublished": "2015-02-27T15:00:00.000Z",
        "dateReserved": "2015-02-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:02:43.316Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2075 (GCVE-0-2015-2075)

    Vulnerability from nvd – Published: 2015-02-27 15:00 – Updated: 2024-08-06 05:02
    VLAI
    Summary
    SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-02-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:02:43.436Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20150225 [Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/534751/100/0/threaded"
              },
              {
                "name": "20150225 [Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Feb/95"
              },
              {
                "name": "72778",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72778"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/130522/SAP-Business-Objects-Unauthorized-Audit-Information-Delete.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20150225 [Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/534751/100/0/threaded"
            },
            {
              "name": "20150225 [Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Feb/95"
            },
            {
              "name": "72778",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/72778"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/130522/SAP-Business-Objects-Unauthorized-Audit-Information-Delete.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2075",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20150225 [Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/534751/100/0/threaded"
                },
                {
                  "name": "20150225 [Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Feb/95"
                },
                {
                  "name": "72778",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/72778"
                },
                {
                  "name": "http://packetstormsecurity.com/files/130522/SAP-Business-Objects-Unauthorized-Audit-Information-Delete.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/130522/SAP-Business-Objects-Unauthorized-Audit-Information-Delete.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2075",
        "datePublished": "2015-02-27T15:00:00.000Z",
        "dateReserved": "2015-02-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:02:43.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-9320 (GCVE-0-2014-9320)

    Vulnerability from cvelistv5 – Published: 2021-08-09 18:03 – Updated: 2024-08-06 13:40
    VLAI
    Summary
    SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-12-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:40:25.088Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/archive/1/archive/1/534249/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2014/Dec/60"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99607"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-09T18:03:15.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.securityfocus.com/archive/1/archive/1/534249/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Dec/60"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99607"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-9320",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/129613/SAP-Business-Objects-Search-Token-Privilege-Escalation.html"
                },
                {
                  "name": "https://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba",
                  "refsource": "MISC",
                  "url": "https://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba"
                },
                {
                  "name": "https://www.securityfocus.com/archive/1/archive/1/534249/100/0/threaded",
                  "refsource": "MISC",
                  "url": "https://www.securityfocus.com/archive/1/archive/1/534249/100/0/threaded"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2014/Dec/60",
                  "refsource": "MISC",
                  "url": "http://seclists.org/fulldisclosure/2014/Dec/60"
                },
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99607",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99607"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-9320",
        "datePublished": "2021-08-09T18:03:15.000Z",
        "dateReserved": "2014-12-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:40:25.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2074 (GCVE-0-2015-2074)

    Vulnerability from cvelistv5 – Published: 2021-08-09 18:03 – Updated: 2024-08-06 05:02
    VLAI
    Summary
    The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-02-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:02:43.420Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/130521/SAP-Business-Objects-Unauthorized-File-Repository-Server-Write.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/534749/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Feb/93"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72776"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-09T18:03:10.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/130521/SAP-Business-Objects-Unauthorized-File-Repository-Server-Write.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/534749/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Feb/93"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/72776"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2074",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/130521/SAP-Business-Objects-Unauthorized-File-Repository-Server-Write.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/130521/SAP-Business-Objects-Unauthorized-File-Repository-Server-Write.html"
                },
                {
                  "name": "http://www.securityfocus.com/archive/1/archive/1/534749/100/0/threaded",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/534749/100/0/threaded"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2015/Feb/93",
                  "refsource": "MISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Feb/93"
                },
                {
                  "name": "http://www.securityfocus.com/bid/72776",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/72776"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2074",
        "datePublished": "2021-08-09T18:03:10.000Z",
        "dateReserved": "2015-02-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:02:43.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2073 (GCVE-0-2015-2073)

    Vulnerability from cvelistv5 – Published: 2021-08-09 18:03 – Updated: 2024-08-06 05:02
    VLAI
    Summary
    The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-02-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:02:43.405Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/130520/SAP-Business-Objects-Unauthorized-File-Repository-Server-Read.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/archive/1/534748/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Feb/92"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72774"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-09T18:03:08.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/130520/SAP-Business-Objects-Unauthorized-File-Repository-Server-Read.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/archive/1/archive/1/534748/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Feb/92"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/72774"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2073",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/130520/SAP-Business-Objects-Unauthorized-File-Repository-Server-Read.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/130520/SAP-Business-Objects-Unauthorized-File-Repository-Server-Read.html"
                },
                {
                  "name": "http://www.securityfocus.com/archive/1/archive/1/534748/100/0/threaded",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/archive/1/archive/1/534748/100/0/threaded"
                },
                {
                  "name": "http://seclists.org/fulldisclosure/2015/Feb/92",
                  "refsource": "MISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Feb/92"
                },
                {
                  "name": "http://www.securityfocus.com/bid/72774",
                  "refsource": "MISC",
                  "url": "http://www.securityfocus.com/bid/72774"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2073",
        "datePublished": "2021-08-09T18:03:08.000Z",
        "dateReserved": "2015-02-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:02:43.405Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7730 (GCVE-0-2015-7730)

    Vulnerability from cvelistv5 – Published: 2015-10-15 20:00 – Updated: 2024-08-06 07:58
    VLAI
    Summary
    SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-09-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:58:59.953Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.onapsis.com/research/security-advisories/SAP-Business-Objects-Memory-Corruption"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition"
              },
              {
                "name": "1033637",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1033637"
              },
              {
                "name": "20150922 [Onapsis Security Advisory 2015-013] SAP Business Objects Memory Corruption",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Sep/81"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-10-15T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.onapsis.com/research/security-advisories/SAP-Business-Objects-Memory-Corruption"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition"
            },
            {
              "name": "1033637",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1033637"
            },
            {
              "name": "20150922 [Onapsis Security Advisory 2015-013] SAP Business Objects Memory Corruption",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Sep/81"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7730",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.onapsis.com/research/security-advisories/SAP-Business-Objects-Memory-Corruption",
                  "refsource": "MISC",
                  "url": "https://www.onapsis.com/research/security-advisories/SAP-Business-Objects-Memory-Corruption"
                },
                {
                  "name": "https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition",
                  "refsource": "MISC",
                  "url": "https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition"
                },
                {
                  "name": "1033637",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1033637"
                },
                {
                  "name": "20150922 [Onapsis Security Advisory 2015-013] SAP Business Objects Memory Corruption",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Sep/81"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7730",
        "datePublished": "2015-10-15T20:00:00.000Z",
        "dateReserved": "2015-10-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:58:59.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2075 (GCVE-0-2015-2075)

    Vulnerability from cvelistv5 – Published: 2015-02-27 15:00 – Updated: 2024-08-06 05:02
    VLAI
    Summary
    SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-02-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:02:43.436Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20150225 [Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/534751/100/0/threaded"
              },
              {
                "name": "20150225 [Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Feb/95"
              },
              {
                "name": "72778",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72778"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/130522/SAP-Business-Objects-Unauthorized-Audit-Information-Delete.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20150225 [Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/534751/100/0/threaded"
            },
            {
              "name": "20150225 [Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Feb/95"
            },
            {
              "name": "72778",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/72778"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/130522/SAP-Business-Objects-Unauthorized-Audit-Information-Delete.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2075",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20150225 [Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/534751/100/0/threaded"
                },
                {
                  "name": "20150225 [Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Feb/95"
                },
                {
                  "name": "72778",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/72778"
                },
                {
                  "name": "http://packetstormsecurity.com/files/130522/SAP-Business-Objects-Unauthorized-Audit-Information-Delete.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/130522/SAP-Business-Objects-Unauthorized-Audit-Information-Delete.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2075",
        "datePublished": "2015-02-27T15:00:00.000Z",
        "dateReserved": "2015-02-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:02:43.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2076 (GCVE-0-2015-2076)

    Vulnerability from cvelistv5 – Published: 2015-02-27 15:00 – Updated: 2024-08-06 05:02
    VLAI
    Summary
    The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-02-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:02:43.316Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20150225 [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/534750/100/0/threaded"
              },
              {
                "name": "20150225 [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Feb/94"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/130523/SAP-Business-Objects-Unauthorized-Audit-Information-Access.html"
              },
              {
                "name": "72775",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/72775"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20150225 [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/534750/100/0/threaded"
            },
            {
              "name": "20150225 [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Feb/94"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/130523/SAP-Business-Objects-Unauthorized-Audit-Information-Access.html"
            },
            {
              "name": "72775",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/72775"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2076",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20150225 [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/534750/100/0/threaded"
                },
                {
                  "name": "20150225 [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Feb/94"
                },
                {
                  "name": "http://packetstormsecurity.com/files/130523/SAP-Business-Objects-Unauthorized-Audit-Information-Access.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/130523/SAP-Business-Objects-Unauthorized-Audit-Information-Access.html"
                },
                {
                  "name": "72775",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/72775"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2076",
        "datePublished": "2015-02-27T15:00:00.000Z",
        "dateReserved": "2015-02-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:02:43.316Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }