XML External Entity Vulnerability in SAP BusinessObjects Explorer by SAP
CVE-2014-8316

Currently unrated

Key Information:

Vendor: SAP
Status: Businessobjects Explorer
Vendor: CVE Published:; 16 October 2014

What is CVE-2014-8316?

SAP BusinessObjects Explorer 14.0.5 build 882 contains an XML External Entity (XXE) vulnerability that enables remote attackers to exploit the xmlParameter parameter within an explorationSpaceUpdate request. This exploitation allows unauthorized access to read arbitrary files on the server, potentially exposing sensitive information and compromising the security of the system. By manipulating the XML input, attackers can gain access to the server's file system, increasing the risk of data breaches and other malicious activities.

References

http://seclists.org/fulldisclosure/2014/Oct/50

mailing-listx_refsource_FULLDISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/96933

vdb-entryx_refsource_XF

http://scn.sap.com/docs/DOC-55451

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 16, 2014
Vulnerability Reserved
Oct 16, 2014