Remote Code Execution in SAP BusinessObjects Edge 4.0
CVE-2015-2075

Currently unrated

Key Information:

Vendor: SAP
Status: Businessobjects Edge
Vendor: CVE Published:; 27 February 2015

Summary

SAP BusinessObjects Edge 4.0 contains a vulnerability that permits remote attackers to delete crucial audit events from the auditee queue via an unprotected clearData CORBA operation, thereby compromising the integrity of audit logs. This could potentially allow attackers to erase traces of their actions, making it more difficult for organizations to trace unauthorized activities. Organizations using this version are advised to implement necessary security measures to safeguard their audit trails.

References

http://www.securityfocus.com/archive/1/534751/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://seclists.org/fulldisclosure/2015/Feb/95

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/bid/72778

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Feb 27, 2015
Vulnerability Reserved
Feb 24, 2015