CVE-2014-8315

Currently unrated

Key Information:

Vendor: SAP
Status: Businessobjects Explorer
Vendor: CVE Published:; 16 October 2014

Summary

polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter.

References

https://service.sap.com/sap/support/notes/1908562

x_refsource_CONFIRM

http://seclists.org/fulldisclosure/2014/Oct/48

mailing-listx_refsource_FULLDISC

http://www.csnc.ch/misc/files/advisories/CSNC-2013-016_SA...

x_refsource_MISC

Timeline

Vulnerability published
Oct 16, 2014
Vulnerability Reserved
Oct 16, 2014