First published: Fri Dec 31 2004(Updated: )
Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
BusinessObjects InfoView | =5.1.8 | |
Businessobjects Webintelligence | =2.7 | |
Businessobjects Webintelligence | =2.7.3 | |
BusinessObjects InfoView | =5.1.6 | |
Businessobjects Webintelligence | =2.7.2 | |
BusinessObjects InfoView | =5.1.5 | |
BusinessObjects InfoView | =5.1.4 | |
Businessobjects Webintelligence | =2.7.1 | |
Businessobjects Webintelligence | =2.7.4 | |
BusinessObjects InfoView | =5.1.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.