Thursday, March 12, 2015

SAP applications vulnerable to CRITICAL flaws

Onapsis has identified critical vulnerabilities in SAP business applications. Five security advisories have been released covering the business intelligence solution SAP BusinessObjects and the database management system SAP HANA (High-Performance Analytic Appliance). Four of them affect SAP BusinessObjects Edge 4.0. The first vulnerability, tracked as CVE-2015-2073, allows attackers to read files on the BusinessObjects File Repository Server (FRS) due to an error in the Common Object Request Broker Architecture (CORBA) listener. The second vulnerability (CVE-2015-2074) is similar to the first, except that it allows attackers to overwrite files on the File Repository Server. The third flaw (CVE-2015-2076) is an authorization issue that allows attackers to retrieve audit events from a remote BusinessObjects service by using CORBA. The fourth vulnerability (CVE-2015-2075) allows attackers to remove events waiting in the auditee queue.
