CVE-2014-8316

Currently unrated

Key Information:

Vendor: SAP
Status: Businessobjects Explorer
Vendor: CVE Published:; 16 October 2014

Summary

XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request.

References

http://seclists.org/fulldisclosure/2014/Oct/50

mailing-listx_refsource_FULLDISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/96933

vdb-entryx_refsource_XF

http://scn.sap.com/docs/DOC-55451

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 16, 2014
Vulnerability Reserved
Oct 16, 2014