Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0533

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2004-0533
Last Modified 05 Sep 2008 04:38:40
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0533

Summary

Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.

Vulnerable Systems

Application

  • Businessobjects Infoview 5.1.4

  • Businessobjects Infoview 5.1.5

  • Businessobjects Infoview 5.1.6

  • Businessobjects Infoview 5.1.7

  • Businessobjects Infoview 5.1.8

  • Businessobjects Webintelligence 2.7

  • Businessobjects Webintelligence 2.7.1

  • Businessobjects Webintelligence 2.7.2

  • Businessobjects Webintelligence 2.7.3

  • Businessobjects Webintelligence 2.7.4


References

XF - webintelligence-url-delete-files(17422)

BID - 11208

SECUNIA - 12587

FULLDISC - 20040907 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue

VULNWATCH - 20040917 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue


Last Updated: 27 May 2016 10:38:38