Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SAP BusinessObjects Explorer XML外部实体注入漏洞
Vulnerability Description
SAP BusinessObjects Explorer是德国思爱普(SAP)公司的一套商务智能软件和企业绩效解决方案。该方案提供报表、绩效管理和数据基础等功能。 SAP BusinessObjects Explorer 14.0.5 build 882版本的polestar_xml.jsp脚本中存在XML外部实体注入漏洞。远程攻击者可借助explorationSpaceUpdate请求中的‘xmlParameter ’参数利用该漏洞读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A