CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2014-9387

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1290%
EPSS Percentile14.69th
Published2014年12月17日
Last Modified2026年5月6日

Vulnerability Description

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.

Affected Platforms (CPE)

📦
Sap

Businessobjects

= 4.1

References & Advisories

🔗 http://seclists.org/fulldisclosure/2014/Dec/60
🔗 http://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba
🔗 http://www.securityfocus.com/archive/1/534249/100/0/threaded
🔗 http://seclists.org/fulldisclosure/2014/Dec/60
🔗 http://www.onapsis.com/research/security-advisories/sap-business-objects-search-token-privilege-escalation-via-corba
🔗 http://www.securityfocus.com/archive/1/534249/100/0/threaded

相關漏洞威脅

CVE-2015-773010.0

SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to caus...

CVE-2010-021910.0

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a de...

CVE-2014-93209.8

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently ga...

CVE-2019-02599.8

SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) with...