Port Scanning Vulnerability in SAP BusinessObjects Explorer
CVE-2014-8315

Currently unrated

Key Information:

Vendor: SAP
Status: Businessobjects Explorer
Vendor: CVE Published:; 16 October 2014

Summary

A timing vulnerability exists in SAP BusinessObjects Explorer where the application responds with varied timing based on the ability to establish a connection. This flaw can be exploited by remote attackers, enabling them to conduct port scanning attacks through the use of host names and port numbers in the cms parameter. This behavior can inadvertently disclose information about the network services available on the targeted server, potentially aiding in further attacks.

References

https://service.sap.com/sap/support/notes/1908562

x_refsource_CONFIRM

http://seclists.org/fulldisclosure/2014/Oct/48

mailing-listx_refsource_FULLDISC

http://www.csnc.ch/misc/files/advisories/CSNC-2013-016_SA...

x_refsource_MISC

Timeline

Vulnerability published
Oct 16, 2014
Vulnerability Reserved
Oct 16, 2014