CVE-2014-8315

Published: Oct 16, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter.

Affected (1)

Products: Sap: Businessobjects Explorer

Sap

1 product

Businessobjects Explorer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Businessobjects Explorer	Version 14.0.5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://seclists.org/fulldisclosure/2014/Oct/48

Source: cve@mitre.org

http://www.csnc.ch/misc/files/advisories/CSNC-2013-016_SAP_BusinessObjects_Explorer_Port-Scanning.txt

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/533672/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/70382

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/96935

Source: cve@mitre.org

https://service.sap.com/sap/support/notes/1908562

Source: cve@mitre.org

Vendor Advisory

http://seclists.org/fulldisclosure/2014/Oct/48