Arbitrary File Write Vulnerability in SAP BusinessObjects Edge 4.0
CVE-2015-2074

7.5HIGH

Key Information:

Vendor
SAP
Status
Businessobjects Edge
Vendor
CVE Published:
9 August 2021

Summary

The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 is vulnerable to an arbitrary file write issue. This vulnerability allows remote attackers to write files to any location on the system by providing a full pathname. This could potentially lead to unauthorized access or manipulation of files within the system, exposing sensitive data or impacting the integrity of the application. It is crucial for organizations using this software to apply the necessary updates to mitigate this risk.

References

http://packetstormsecurity.com/files/130521/SAP-Business-...
x_refsource_MISC
http://www.securityfocus.com/archive/1/archive/1/534749/1...
x_refsource_MISC
http://seclists.org/fulldisclosure/2015/Feb/93
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.