CyberSec.Space Logo
Back to CVE Browser

CVE-2015-7730

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0110%
EPSS Percentile31.13th
PublishedOct 15, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note 2001108.

Affected Platforms (CPE)

πŸ“¦
Sap

Businessobjects

= 4.1
πŸ“¦
Sap

Businessobjects Edge

= 4.0
πŸ“¦
Sap

Businessobjects Xi

= 3.1
πŸ“¦
Sap

Businessobjects Xi

= r3

References & Advisories

πŸ”— http://seclists.org/fulldisclosure/2015/Sep/81
πŸ”— http://www.securitytracker.com/id/1033637
πŸ”— https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition
πŸ”— https://www.onapsis.com/research/security-advisories/SAP-Business-Objects-Memory-Corruption
πŸ”— http://seclists.org/fulldisclosure/2015/Sep/81
πŸ”— http://www.securitytracker.com/id/1033637
πŸ”— https://www.onapsis.com/blog/analyzing-sap-security-notes-may-2015-edition
πŸ”— https://www.onapsis.com/research/security-advisories/SAP-Business-Objects-Memory-Corruption

Related Vulnerabilities

CVE-2010-021910.0

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a de...

CVE-2014-938710.0

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges...

CVE-2019-02599.8

SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) with...

CVE-2014-93209.8

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently ga...