PT-2014-8465 · Sap · Sap Businessobjects Explorer

Published

2014-10-16

Updated

2018-10-09

CVE-2014-8316

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Explorer version 14.0.5 build 882

Description The issue allows remote attackers to read arbitrary files. This is achieved via the xmlParameter parameter in an "explorationSpaceUpdate" request.

Recommendations For SAP BusinessObjects Explorer version 14.0.5 build 882, consider restricting access to the polestar xml.jsp file to minimize the risk of exploitation. Avoid using the xmlParameter parameter in the "explorationSpaceUpdate" request until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2014-8316

Affected Products

Sap Businessobjects Explorer

PT-2014-8465 · Sap · Sap Businessobjects Explorer

CVE-2014-8316

Related Identifiers

Affected Products

References · 9