Shodan
Vulnerabilities
Vulnerable Software
Sap:  Security Vulnerabilities
CVE-2014-8315
polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter.
CVSS Score
5.0
EPSS Score
0.005
Published
2014-10-16
CVE-2014-8316
XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request.
CVSS Score
5.0
EPSS Score
0.008
Published
2014-10-16
CVE-2014-8308
Cross-site scripting (XSS) vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.005
Published
2014-10-16
CVE-2014-8309
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service.
CVSS Score
5.0
EPSS Score
0.005
Published
2014-10-16
CVE-2014-8310
The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message.
CVSS Score
7.1
EPSS Score
0.027
Published
2014-10-16
CVE-2014-8311
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.
CVSS Score
3.5
EPSS Score
0.004
Published
2014-10-16
CVE-2014-8312
Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function.
CVSS Score
3.5
EPSS Score
0.005
Published
2014-10-16
CVE-2014-6252
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.022
Published
2014-09-05
CVE-2014-5505
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file.
CVSS Score
6.8
EPSS Score
0.065
Published
2014-09-04
CVE-2014-5506
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file.
CVSS Score
6.8
EPSS Score
0.021
Published
2014-09-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved