Details of VAR-201410-1419

ID

VAR-201410-1419

TITLE

SAP BusinessObjects Explorer XML External Entity Injection Vulnerability (CNVD-2014-06710)

Trust: 0.6

sources: CNVD: CNVD-2014-06710

DESCRIPTION

Business Objects is the world's leading business intelligence (BI) software company. SAP BusinessObjects Explorer is a browser that it launched. An external XML material injection vulnerability exists in SAP BusinessObjects Explorer. An information disclosure vulnerability exists because the program failed to properly authenticate the user's input

Trust: 0.72

sources: CNVD: CNVD-2014-06710 // IVD: c4909d3e-1eb4-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: c4909d3e-1eb4-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06710

AFFECTED PRODUCTS

vendor:

sap

model:

businessobjects explorer (build

scope:

version:

14.0.5882)

Trust: 0.8

sources: IVD: c4909d3e-1eb4-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06710

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-06710
value:	HIGH
Trust: 0.6
IVD:	c4909d3e-1eb4-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2014-06710
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	c4909d3e-1eb4-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: c4909d3e-1eb4-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06710

TYPE

injection

Trust: 0.2

sources: IVD: c4909d3e-1eb4-11e6-abef-000c29c66e3d

PATCH

title:

Patch for SAP BusinessObjects Explorer XML External Entity Injection Vulnerability (CNVD-2014-06710)

url:

https://www.cnvd.org.cn/patchinfo/show/50821

Trust: 0.6

sources: CNVD: CNVD-2014-06710

EXTERNAL IDS

db:	CNVD	id:	CNVD-2014-06710	Trust: 0.8
db:	CXSECURITY	id:	WLB-2014100070	Trust: 0.6
db:	IVD	id:	C4909D3E-1EB4-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: c4909d3e-1eb4-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06710

REFERENCES

url:

http://cxsecurity.com/issue/wlb-2014100070

Trust: 0.6

sources: CNVD: CNVD-2014-06710

SOURCES

db:	IVD	id:	c4909d3e-1eb4-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-06710

LAST UPDATE DATE

2022-05-17T01:51:09.455000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2014-06710

date:

2014-10-14T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	c4909d3e-1eb4-11e6-abef-000c29c66e3d	date:	2014-10-14T00:00:00
db:	CNVD	id:	CNVD-2014-06710	date:	2014-10-14T00:00:00