ID

VAR-201410-1420


TITLE

SAP BusinessObjects Explorer Cross-Site Flash Vulnerability

Trust: 0.8

sources: IVD: ca714302-1eb4-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06708

DESCRIPTION

Business Objects is the world's leading business intelligence (BI) software company. SAP BusinessObjects Explorer is a browser that it launched. A cross-site Flash vulnerability exists in SAP BusinessObjects Explorer. An attacker could exploit this vulnerability to steal a user's session information. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Trust: 0.99

sources: CNVD: CNVD-2014-06708 // BID: 70383 // IVD: ca714302-1eb4-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: ca714302-1eb4-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06708

AFFECTED PRODUCTS

vendor: sap, model: businessobjects explorer (build, scope: eq, version: 14.0.5882)

Trust: 0.8

sources: IVD: ca714302-1eb4-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06708

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-06708
value: MEDIUM

Trust: 0.6

IVD: ca714302-1eb4-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2014-06708
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ca714302-1eb4-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: ca714302-1eb4-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06708

THREAT TYPE

network

Trust: 0.3

sources: BID: 70383

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 70383

PATCH

title: Patch for SAP BusinessObjects Explorer Cross-Site Flash Vulnerability, url: https://www.cnvd.org.cn/patchinfo/show/50824

Trust: 0.6

sources: CNVD: CNVD-2014-06708

EXTERNAL IDS

db: BID, id: 70383

Trust: 0.9

db: CNVD, id: CNVD-2014-06708

Trust: 0.8

db: CXSECURITY, id: WLB-2014100072

Trust: 0.6

db: IVD, id: CA714302-1EB4-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: ca714302-1eb4-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06708 // BID: 70383

REFERENCES

url: http://cxsecurity.com/issue/wlb-2014100072

Trust: 0.6

url: http://www.sap.com

Trust: 0.3

sources: CNVD: CNVD-2014-06708 // BID: 70383

CREDITS

Stefan Horlacher

Trust: 0.3

sources: BID: 70383

SOURCES

db: IVD, id: ca714302-1eb4-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2014-06708
db: BID, id: 70383

LAST UPDATE DATE

2022-05-17T01:46:32.698000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-06708, date: 2014-10-14T00:00:00
db: BID, id: 70383, date: 2014-10-10T00:00:00

SOURCES RELEASE DATE

db: IVD, id: ca714302-1eb4-11e6-abef-000c29c66e3d, date: 2014-10-14T00:00:00
db: CNVD, id: CNVD-2014-06708, date: 2014-10-14T00:00:00
db: BID, id: 70383, date: 2014-10-10T00:00:00