PT-2021-8379 · Sap · Sap Businessobjects Edge

Published

2021-08-09

Updated

2021-08-17

CVE-2014-9320

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Edge version 4.1

Description The issue allows remote attackers to obtain the SI PLATFORM SEARCH SERVER LOGON TOKEN token, which can lead to gaining SYSTEM privileges. This is achieved through vectors involving CORBA calls.

Recommendations For SAP BusinessObjects Edge version 4.1, apply the fix as described in SAP Note 2039905 to resolve the issue. As a temporary workaround, consider restricting access to CORBA calls to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2014-9320

Affected Products

Sap Businessobjects Edge

PT-2021-8379 · Sap · Sap Businessobjects Edge

CVE-2014-9320

Weakness Enumeration

Related Identifiers

Affected Products

References · 7