CVE-2015-2074

August 14, 2021

The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.

Summary:

The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.

Reference Links(if available):

  • http://packetstormsecurity.com/files/130521/SAP-Business-Objects-Unauthorized-File-Repository-Server-Write.html
  • http://www.securityfocus.com/bid/72776
  • http://seclists.org/fulldisclosure/2015/Feb/93
  • http://www.securityfocus.com/archive/1/archive/1/534749/100/0/threaded

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    CISA Logo

    CISA: CISA Releases Eight Industrial Control Systems Advisories

    April 25, 2024
    alerts

    Active Exploitation of Vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Products.

    April 25, 2024
    image

    CACTUS Ransomware Victim: https://www[.]ghimli[.]com /

    April 25, 2024
    hkcert

    Cisco Products Multiple Vulnerabilities

    April 25, 2024
    HIBP Banner 1

    T2 – 94,584 breached accounts

    April 25, 2024