SAP BusinessObjects version 12 suffers from multiple cross site scripting vulnerabilities.
085ac75868915cdcd505723a58a8951419e5f53a87bd76e3d537fde452b51eec
This Metasploit module simply attempts to bruteforce SAP BusinessObjects users by using CmcApp.
c7f2ccace6acca766972107fabec89a53c6bf09187f4ebd994b454f51654f936
This Metasploit module attempts to bruteforce SAP BusinessObjects users. The dswsbobje interface is only used to verify valid credentials for CmcApp. Therefore, any valid credentials that have been identified can be leveraged by logging into CmcApp.
5372edf67d1cb80a59332f2c751921d87682174c674cfe0c077795a451f61dce
This Metasploit module simply attempts to enumerate SAP BusinessObjects users. The dswsbobje interface is only used to verify valid users for CmcApp. Therefore, any valid users that have been identified can be leveraged by logging into CmcApp.
e1bf994ca850f6a313db09140c97bef59a3a83e425503e455ae6e327c1516ddf
SAP BusinessObjects Intelligence version 4.3 suffers from an XML external entity injection vulnerability.
56c01844910c634b5ec0e547a629647a5c63894084dfb84fd74cbdf5862a73cf
SAP BusinessObjects Financial Consolidation version 10.0.0.1933 suffers from a cross site scripting vulnerability in the help component.
e1c3b280b616f49203e631b097d8452366c1bc1d167923df6eaec5b44d8621da
Onapsis Security Advisory - It is possible for an unauthenticated user to retrieve any audit events from a remote BusinessObjects service. This can disclose sensitive information including report names, universe queries, logins, etc. Auditing details are listed in the Auditing tab of the CMS. All services which expose a Auditing service are vulnerable. In the default setting this includes all BusinessObjects services except the CMS.
92a03a7a9374710770746549090119067b75fdc71c5a1c6527932e9be9239ecd
Onapsis Security Advisory - It is possible for an unauthenticated user to remove audit events from a remote BusinessObjects service using CORBA. Specifically, the attacker can tell the remote service (i.e. the auditee) to clear an event from it's queue. After the event is removed from the auditee queue, the auditor will never have knowledge of the event and, hence, it will not be written to the Audit database. An attacker can use this to hide their actions. By default, the auditor polls all auditees every 5 minutes to ask for events in their queue.
525b0210fa38e332bad09f1f23be059b8cff27946645438a054d05c005ac4ec0
Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows the writing of any file stored in the FRS without authentication.
6de1db17a1a2cda52de24f00a98b3c5ab4bc5bda19395ccb1ab6ba6fee7121db
Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file stored in the FRS without authentication.
b91a029e7d55f1eaea5057b797bcbd5e83fb1e529410c558e0665b49ecab34ea
Onapsis Security Advisory - By exploiting a search token privilege escalation vulnerability, a remote and potentially unauthenticated attacker would be able to access or modify any information stored on the SAP BusineesObjects server. The attacker could also connect to the business systems depending on the configuration of the BO infrastructure. BusinessObjects Edge version 4.1 is affected.
572684cdc3bc2a7bd551c52105bd0203238dbe5954d6313dd9841c6c341fed6b
SAP BusinessObjects Explorer version 14.0.5 is vulnerable to XML External Entity (XXE) attacks. This vulnerability could be triggered by an unauthenticated user, as the login request uses vulnerable XML processing as well.
194d0ab6b1771e690644f55e1384ffcd80f5cdd83e9e34d23361c839f047ad44
SAP BusinessObjects Explorer version 14.0.5 does not validate the user defined inputs of parameter CMS name, which consists of a host name and port number. This can be used to perform a port scan within the network range where the BusinessObject Explorer server is located. This vulnerability could be triggered as unauthenticated user.
da3b141d39bd4e752dc80ab85d3821ea612ba63b8b712c967c735c9bd4c7e6dc
SAP BusinessObjects Explorer 14.0.5 suffers from a cross site flashing vulnerability. It is possible to directly load and display the com_businessobjects_polestar_bootstrap.swf Flash file and specify a configUrl. This requires the victim to be logged and the attacker needs to know the /webres/ URL, which is known as soon as the attacker is in possession of valid credentials. The configuration file specified in the configURL parameter may reside on a foreign host. The configuration file itself may contain URLs of further Flash files residing on a foreign domain. If successful, the victim loads foreign Flash files, which leads to Cross Site Flashing.
0aef611f8c015cff5ee67abcc68c426c2945005a8e245828e06d099362e16d2f
Onapsis Security Advisory - BusinessObjects BI "Send to Inbox" functionality can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.
fc6e3481d6a10b46f5b352e541dfd8aec324cca7559e359688ccf436f187c5b0
Onapsis Security Advisory - SAP BusinessObjects InfoView suffers from a reflective cross site scripting vulnerability.
4d161054fd847d69430573900f5115a49e4c02cca4ed535d5cd5fc6a1576f55b
Secunia Security Advisory - A vulnerability has been reported in SAP BusinessObjects Financial Consolidation, which can be exploited by malicious people to compromise a user's system.
52f71b721b43f18656464a34bb96166f73c083ea199f6e2cfe65ccc507d365ef
Secunia Security Advisory - A weakness and some vulnerabilities have been reported in SAP BusinessObjects, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to cause a DoS (Denial of Service), and by malicious people to disclose sensitive information and conduct cross-site scripting attacks.
de1b1fc493d72b8d749d034af4652da2a40f10c2c8de8ff0e32b3b9bc71760ab
Rapid7 Security Advisory - The SAP BusinessObjects product contains a module (dswsbobje.war) which deploys Axis2 with an administrator account which is configured with a static password. As a result, anyone with access to the Axis2 port can gain full access to the machine via arbitrary remote code execution. This requires the attacker to upload a malicious web service and to restart the instance of Tomcat. This issue may apply to other products and vendors that embed the Axis2 component. The username is "admin" and the password is "axis2", this is also the default for standalone Axis2 installations.
226db62066f2c56c87818ee78e4d00164861cd9e8d34858c75dc772b294bbff8
Secunia Security Advisory - A security issue has been reported in SAP BusinessObjects, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.
b91afbdb4bafead904541d8773f672861ad4b6be911152ff50699a627551a19f
Secunia Security Advisory - Some security issues have been reported in SAP BusinessObjects, which can be exploited by malicious people to conduct spoofing attacks.
8a9c54ebac27afdbc622b83362cc83e2a29cf0714da2fca7839d9321e26c9453
Secunia Security Advisory - Some weaknesses and vulnerabilities have been reported in SAP BusinessObjects, which can be exploited by malicious people to disclose system information or conduct cross-site scripting attacks.
e479aad7c0b8fb5d03c3fea9f4f826289d4ce702def60fdfca291429932ec571
Secunia Security Advisory - Some weaknesses and some vulnerabilities have been reported in SAP BusinessObjects, which can be exploited by malicious people to disclose system information and conduct cross-site scripting attacks.
d418322010dce757c063576a2a942db3a6b678f69b761025c3c1b25fa6b4ec75
SAP BusinessObjects Crystal Reports suffers from multiple cross site scripting vulnerabilities in viewreport.asp.
fce3185bc71a241e9920ff0d2d40f556e07582a6a9c248380cf2b345f436b30e
Secunia Security Advisory - Sebastien gioria has reported a vulnerability in BusinessObjects XI, which can be exploited by malicious people to conduct cross-site scripting attacks.
1818d5146b2c2970f2540fd6677b2d57c9222a88cf3fe6215390d2b7ec92dee8
Secunia Security Advisory - Will Dormann has reported a vulnerability in BusinessObjects, which can be exploited by malicious people to compromise a user's system.
6cd8bd09006cf3e7e8e35b9d5cd89f8fa2a1477d01f9802ecee99297839bf966