XML External Entity Vulnerability in SAP BusinessObjects Explorer by SAP
CVE-2014-8316

Currently unrated

Key Information:

Vendor
SAP
Status
Businessobjects Explorer
Vendor
CVE Published:
16 October 2014

Summary

SAP BusinessObjects Explorer 14.0.5 build 882 contains an XML External Entity (XXE) vulnerability that enables remote attackers to exploit the xmlParameter parameter within an explorationSpaceUpdate request. This exploitation allows unauthorized access to read arbitrary files on the server, potentially exposing sensitive information and compromising the security of the system. By manipulating the XML input, attackers can gain access to the server's file system, increasing the risk of data breaches and other malicious activities.

References

http://seclists.org/fulldisclosure/2014/Oct/50
mailing-listx_refsource_FULLDISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/96933
vdb-entryx_refsource_XF
http://scn.sap.com/docs/DOC-55451
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.