Information disclosure in Sap Businessobjects_edge

CVE-2015-2076

The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395.

Vulnerability class: Information Disclosure

EPSS: 0.004 (60.3th percentile) — read the EPSS interpretation.

Affected products

Sap Businessobjects_edge — versions 4.0
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

20150225 [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA (mailing-list, x_refsource_BUGTRAQ)
20150225 [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA (mailing-list, x_refsource_FULLDISC)
cve@mitre.org (x_refsource_MISC)
72775 (vdb-entry, x_refsource_BID)