Onapsis Security Advisory - SAP Business Objects suffers from a memory corruption vulnerability. By exploiting this vulnerability an unauthenticated attacker could read or write any business-relevant information from the Business Intelligence Platform and also render the system unavailable to other users.
38f5d4c8882c9a29b1c46ec18ce9b8b283de108c7ffe457c455f9e65e781276cOnapsis Security Advisory - It is possible for an unauthenticated user to retrieve any audit events from a remote BusinessObjects service. This can disclose sensitive information including report names, universe queries, logins, etc. Auditing details are listed in the Auditing tab of the CMS. All services which expose a Auditing service are vulnerable. In the default setting this includes all BusinessObjects services except the CMS.
92a03a7a9374710770746549090119067b75fdc71c5a1c6527932e9be9239ecdOnapsis Security Advisory - It is possible for an unauthenticated user to remove audit events from a remote BusinessObjects service using CORBA. Specifically, the attacker can tell the remote service (i.e. the auditee) to clear an event from it's queue. After the event is removed from the auditee queue, the auditor will never have knowledge of the event and, hence, it will not be written to the Audit database. An attacker can use this to hide their actions. By default, the auditor polls all auditees every 5 minutes to ask for events in their queue.
525b0210fa38e332bad09f1f23be059b8cff27946645438a054d05c005ac4ec0Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows the writing of any file stored in the FRS without authentication.
6de1db17a1a2cda52de24f00a98b3c5ab4bc5bda19395ccb1ab6ba6fee7121dbOnapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file stored in the FRS without authentication.
b91a029e7d55f1eaea5057b797bcbd5e83fb1e529410c558e0665b49ecab34eaOnapsis Security Advisory - The SAP HANA contains a reflected cross site scripting vulnerability (XSS) on the pages /sap/hana/ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs and /sap/hana/xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs.
5119b84d53c0c30a40ccbbf28464d82d82fe294a2f8499c0d10ba47627e64dc2Onapsis Security Advisory - By exploiting a search token privilege escalation vulnerability, a remote and potentially unauthenticated attacker would be able to access or modify any information stored on the SAP BusineesObjects server. The attacker could also connect to the business systems depending on the configuration of the BO infrastructure. BusinessObjects Edge version 4.1 is affected.
572684cdc3bc2a7bd551c52105bd0203238dbe5954d6313dd9841c6c341fed6bOnapsis Security Advisory - HANA Developer Edition contains a command injection vulnerability. Specifically, the page /sap/hana/ide/core/base/server/net.xsjs contains an eval call that is vulnerable to code injection. This allows an attacker to run arbitrary XSJS code in the context of the user logged in.
ad3e31557ce091efdac803b0fc631729b8952bdd6890a585f33c38a640073cb9Onapsis Security Advisory - BusinessObjects BI "Send to Inbox" functionality can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.
fc6e3481d6a10b46f5b352e541dfd8aec324cca7559e359688ccf436f187c5b0Onapsis Security Advisory - Business Objects CORBA listeners include the ability to run unauthenticated InfoStore queries via CORBA. Although some authorization is enforced, it is possible to obtain a considerable amount of information by making requests to the InfoStore via CORBA.
1233021ed4ff9727768afcdb541cde12e5ea7d8e35d63148a89dec3c926c99a7Onapsis Security Advisory - The SAP HANA Developer Edition contains multiple reflected cross site scripting vulnerabilities (XSS) in the democontent area.
d98ec0c662aa2e76ea7c61dcd491019b639f2b4fe8e0fc31991ae7f856d4d36aOnapsis Security Advisory - The CMS CORBA listener includes functions in the OSCAFactory::Session ORB that allows any user to remotely turn off that Business Objects server without authentication.
015c719c07e543bf80326a0b0b90e68c039c96019a5f995a8b35d3ad683fea66Onapsis Security Advisory - A malicious user can discover information relating to valid users using a vulnerable Business Objects Enterprise instance. This information could be used to allow the malicious user to specialize their attacks against the system.
337ba40a7bd0ab6b8eb40dc9d8ae9c8aaf58f85ede87867ef98e421c0f7f094fOnapsis Security Advisory - The SAP HANA XS Administration Tool can be abused by potential attackers, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.
c6ed0fc760014885e4e1f29f5add689e261aa09131bbce902c5032d4d1638bfdOnapsis Security Advisory - SAP BusinessObjects InfoView suffers from a reflective cross site scripting vulnerability.
4d161054fd847d69430573900f5115a49e4c02cca4ed535d5cd5fc6a1576f55bRapid7 Security Advisory - The SAP BusinessObjects product contains a module (dswsbobje.war) which deploys Axis2 with an administrator account which is configured with a static password. As a result, anyone with access to the Axis2 port can gain full access to the machine via arbitrary remote code execution. This requires the attacker to upload a malicious web service and to restart the instance of Tomcat. This issue may apply to other products and vendors that embed the Axis2 component. The username is "admin" and the password is "axis2", this is also the default for standalone Axis2 installations.
226db62066f2c56c87818ee78e4d00164861cd9e8d34858c75dc772b294bbff8Rapid7 Security Advisory - FCKEditor contains a file renaming bug that allows remote code execution. Specifically, it is possible to upload ASP code via the ASP.NET connector in FCKEditor. The vulnerability requires that the remote server be running IIS. This vulnerability has been confirmed on FCKEditor 2.5.1 and 2.6.6.
d7ff7819bc5c1b9397d022f19065769fe00e58d1169b50c1ef3b83d03e7b2950
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed