Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9387

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2014-9387
Last Modified 16 Mar 2015 10:01:18
Published 17 Dec 2014 02:59:07
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9387

Summary

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.

Vulnerable Systems

Application

  • Sap Businessobjects 4.1


References

BUGTRAQ - 20141216 [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA

MISC - http://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba


Last Updated: 27 May 2016 11:07:18