Improper input validation in Sap Businessobjects

CVE-2014-8310

The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.021 (84.5th percentile) — read the EPSS interpretation.

Affected products

Sap Businessobjects — versions 4.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

70308 (vdb-entry, x_refsource_BID)
sap-businessobjects-corba-dos(96875) (vdb-entry, x_refsource_XF)
20141008 [Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA (mailing-list, x_refsource_FULLDISC)
cve@mitre.org (x_refsource_MISC)
20141008 [Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_MISC)