Unauthorized Information Exposure in SAP BusinessObjects Edge 4.0
CVE-2015-2076

Currently unrated

Key Information:

Vendor: SAP
Status: Businessobjects Edge
Vendor: CVE Published:; 27 February 2015

Summary

In SAP BusinessObjects Edge 4.0, the Auditing service has a vulnerability that allows remote attackers to access sensitive information by exploiting improper access controls related to reading audit events. This vulnerability may lead to unauthorized disclosure of audit information, which can pose significant risks to the organization's security and compliance posture. Organizations using this version of SAP BusinessObjects should be aware of this vulnerability and take steps to secure their systems.

References

http://www.securityfocus.com/archive/1/534750/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://seclists.org/fulldisclosure/2015/Feb/94

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/130523/SAP-Business-...

x_refsource_MISC

Timeline

Vulnerability published
Feb 27, 2015
Vulnerability Reserved
Feb 24, 2015