Search criteria
12 vulnerabilities found for webintelligence by businessobjects
CVE-2005-4274 (GCVE-0-2005-4274)
Vulnerability from cvelistv5 – Published: 2005-12-15 23:00 – Updated: 2024-08-07 23:38
VLAI
Summary
Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to "authentication mechanisms" and "form input."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1015355 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/archive/1/419493/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2005-12-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015355",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015355"
},
{
"name": "20051214 Business Objects WebIntelligence 6.5x Account Lockout and System DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419493/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to \"authentication mechanisms\" and \"form input.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015355",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015355"
},
{
"name": "20051214 Business Objects WebIntelligence 6.5x Account Lockout and System DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/419493/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to \"authentication mechanisms\" and \"form input.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015355",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015355"
},
{
"name": "20051214 Business Objects WebIntelligence 6.5x Account Lockout and System DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419493/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4274",
"datePublished": "2005-12-15T23:00:00.000Z",
"dateReserved": "2005-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:38:51.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1249 (GCVE-0-2003-1249)
Vulnerability from cvelistv5 – Published: 2005-11-16 07:37 – Updated: 2024-08-08 02:19
VLAI
Summary
WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/7846 | third-party-advisoryx_refsource_SECUNIA |
| http://www.iss.net/security_center/static/11026.php | vdb-entryx_refsource_XF |
| http://www.securitytracker.com/id?1005906 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/6569 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/vulnwatch/… | mailing-listx_refsource_VULNWATCH |
| http://www.securityfocus.com/archive/1/305991 | mailing-listx_refsource_BUGTRAQ |
Date Public
2003-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:46.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/7846"
},
{
"name": "webintelligence-session-hijacking(11026)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11026.php"
},
{
"name": "1005906",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1005906"
},
{
"name": "6569",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6569"
},
{
"name": "20030109 WebIntelligence session hijacking vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0014.html"
},
{
"name": "20030109 WebIntelligence session hijacking vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/305991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-12T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/7846"
},
{
"name": "webintelligence-session-hijacking(11026)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11026.php"
},
{
"name": "1005906",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1005906"
},
{
"name": "6569",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6569"
},
{
"name": "20030109 WebIntelligence session hijacking vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0014.html"
},
{
"name": "20030109 WebIntelligence session hijacking vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/305991"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7846",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/7846"
},
{
"name": "webintelligence-session-hijacking(11026)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11026.php"
},
{
"name": "1005906",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1005906"
},
{
"name": "6569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6569"
},
{
"name": "20030109 WebIntelligence session hijacking vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0014.html"
},
{
"name": "20030109 WebIntelligence session hijacking vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/305991"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1249",
"datePublished": "2005-11-16T07:37:00.000Z",
"dateReserved": "2005-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:19:46.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0534 (GCVE-0-2004-0534)
Vulnerability from cvelistv5 – Published: 2005-04-14 04:00 – Updated: 2024-08-08 00:24
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://secunia.com/advisories/12587/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/11209 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/vulnwatch/… | mailing-listx_refsource_VULNWATCH |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2004-09-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"
},
{
"name": "12587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11209",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11209"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"
},
{
"name": "webintelligence-input-document-xss(17419)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"
},
{
"name": "12587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11209",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11209"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"
},
{
"name": "webintelligence-input-document-xss(17419)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"
},
{
"name": "12587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11209",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11209"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"
},
{
"name": "webintelligence-input-document-xss(17419)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0534",
"datePublished": "2005-04-14T04:00:00.000Z",
"dateReserved": "2004-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:24:26.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0533 (GCVE-0-2004-0533)
Vulnerability from cvelistv5 – Published: 2005-04-14 04:00 – Updated: 2024-08-08 00:24
VLAI
Summary
Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/vulnwatch/… | mailing-listx_refsource_VULNWATCH |
| http://secunia.com/advisories/12587/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/11208 | vdb-entryx_refsource_BID |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
Date Public
2004-09-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:25.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "webintelligence-url-delete-files(17422)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17422"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html"
},
{
"name": "12587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11208"
},
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "webintelligence-url-delete-files(17422)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17422"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html"
},
{
"name": "12587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11208"
},
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "webintelligence-url-delete-files(17422)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17422"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html"
},
{
"name": "12587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11208"
},
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0533",
"datePublished": "2005-04-14T04:00:00.000Z",
"dateReserved": "2004-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:24:25.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2005-4274
Vulnerability from fkie_nvd - Published: 2005-12-15 22:03 - Updated: 2026-04-16 00:27
Severity
Summary
Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to "authentication mechanisms" and "form input."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| businessobjects | webintelligence | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E61DC2-79F5-4B2B-B3B8-F912C7844D5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to \"authentication mechanisms\" and \"form input.\""
}
],
"id": "CVE-2005-4274",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-15T22:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015355"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/419493/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/419493/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0533
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2026-04-16 00:27
Severity
Summary
Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| businessobjects | infoview | 5.1.4 | |
| businessobjects | infoview | 5.1.5 | |
| businessobjects | infoview | 5.1.6 | |
| businessobjects | infoview | 5.1.7 | |
| businessobjects | infoview | 5.1.8 | |
| businessobjects | webintelligence | 2.7 | |
| businessobjects | webintelligence | 2.7.1 | |
| businessobjects | webintelligence | 2.7.2 | |
| businessobjects | webintelligence | 2.7.3 | |
| businessobjects | webintelligence | 2.7.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B12AEC6B-5077-47E6-8B54-90B712543AF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F131CD-671F-4A6F-AEF3-0FDC6A7E5EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D3BFC4-E028-41DD-BC37-C85403EDE1D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5BFC8418-5FC6-4B64-9203-F6AAEAF02CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "88324C77-F20E-4E20-AA5D-D368679647E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "18F930C0-1A43-4278-9F6F-DD06D96DC97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "254A598E-EC81-416E-AB66-BA9072B19FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83D8F4AE-72BB-409E-A94E-611DF7FFEAB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6321B477-A1D0-47C1-AF11-F667C936D3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92270BD8-E8C9-47F9-93B7-ACCF863D9275",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client."
}
],
"id": "CVE-2004-0533",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11208"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17422"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0534
Vulnerability from fkie_nvd - Published: 2004-09-17 04:00 - Updated: 2026-04-16 00:27
Severity
Summary
Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| businessobjects | infoview | 5.1.4 | |
| businessobjects | infoview | 5.1.5 | |
| businessobjects | infoview | 5.1.6 | |
| businessobjects | infoview | 5.1.7 | |
| businessobjects | infoview | 5.1.8 | |
| businessobjects | webintelligence | 2.7 | |
| businessobjects | webintelligence | 2.7.1 | |
| businessobjects | webintelligence | 2.7.2 | |
| businessobjects | webintelligence | 2.7.3 | |
| businessobjects | webintelligence | 2.7.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B12AEC6B-5077-47E6-8B54-90B712543AF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F131CD-671F-4A6F-AEF3-0FDC6A7E5EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D3BFC4-E028-41DD-BC37-C85403EDE1D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5BFC8418-5FC6-4B64-9203-F6AAEAF02CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:infoview:5.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "88324C77-F20E-4E20-AA5D-D368679647E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "18F930C0-1A43-4278-9F6F-DD06D96DC97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "254A598E-EC81-416E-AB66-BA9072B19FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "83D8F4AE-72BB-409E-A94E-611DF7FFEAB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6321B477-A1D0-47C1-AF11-F667C936D3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92270BD8-E8C9-47F9-93B7-ACCF863D9275",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document."
}
],
"id": "CVE-2004-0534",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-09-17T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11209"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-1249
Vulnerability from fkie_nvd - Published: 2003-12-31 05:00 - Updated: 2026-04-16 00:27
Severity
Summary
WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| businessobjects | webintelligence | 2.7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:businessobjects:webintelligence:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "254A598E-EC81-416E-AB66-BA9072B19FD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions."
}
],
"id": "CVE-2003-1249",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0014.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/7846"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/11026.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/305991"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/6569"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1005906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/7846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/11026.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/305991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/6569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1005906"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2005-4274 (GCVE-0-2005-4274)
Vulnerability from nvd – Published: 2005-12-15 23:00 – Updated: 2024-08-07 23:38
VLAI
Summary
Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to "authentication mechanisms" and "form input."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1015355 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/archive/1/419493/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2005-12-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015355",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015355"
},
{
"name": "20051214 Business Objects WebIntelligence 6.5x Account Lockout and System DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/419493/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to \"authentication mechanisms\" and \"form input.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015355",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015355"
},
{
"name": "20051214 Business Objects WebIntelligence 6.5x Account Lockout and System DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/419493/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to \"authentication mechanisms\" and \"form input.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015355",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015355"
},
{
"name": "20051214 Business Objects WebIntelligence 6.5x Account Lockout and System DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419493/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4274",
"datePublished": "2005-12-15T23:00:00.000Z",
"dateReserved": "2005-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:38:51.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0533 (GCVE-0-2004-0533)
Vulnerability from nvd – Published: 2005-04-14 04:00 – Updated: 2024-08-08 00:24
VLAI
Summary
Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/vulnwatch/… | mailing-listx_refsource_VULNWATCH |
| http://secunia.com/advisories/12587/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/11208 | vdb-entryx_refsource_BID |
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
Date Public
2004-09-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:25.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "webintelligence-url-delete-files(17422)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17422"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html"
},
{
"name": "12587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11208",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11208"
},
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "webintelligence-url-delete-files(17422)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17422"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html"
},
{
"name": "12587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11208",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11208"
},
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "webintelligence-url-delete-files(17422)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17422"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.html"
},
{
"name": "12587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11208"
},
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0533",
"datePublished": "2005-04-14T04:00:00.000Z",
"dateReserved": "2004-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:24:25.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0534 (GCVE-0-2004-0534)
Vulnerability from nvd – Published: 2005-04-14 04:00 – Updated: 2024-08-08 00:24
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosur… | mailing-listx_refsource_FULLDISC |
| http://secunia.com/advisories/12587/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/11209 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/vulnwatch/… | mailing-listx_refsource_VULNWATCH |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2004-09-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"
},
{
"name": "12587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11209",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11209"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"
},
{
"name": "webintelligence-input-document-xss(17419)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"
},
{
"name": "12587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11209",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11209"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"
},
{
"name": "webintelligence-input-document-xss(17419)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"
},
{
"name": "12587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11209",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11209"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"
},
{
"name": "webintelligence-input-document-xss(17419)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0534",
"datePublished": "2005-04-14T04:00:00.000Z",
"dateReserved": "2004-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:24:26.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1249 (GCVE-0-2003-1249)
Vulnerability from nvd – Published: 2005-11-16 07:37 – Updated: 2024-08-08 02:19
VLAI
Summary
WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/7846 | third-party-advisoryx_refsource_SECUNIA |
| http://www.iss.net/security_center/static/11026.php | vdb-entryx_refsource_XF |
| http://www.securitytracker.com/id?1005906 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/6569 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/vulnwatch/… | mailing-listx_refsource_VULNWATCH |
| http://www.securityfocus.com/archive/1/305991 | mailing-listx_refsource_BUGTRAQ |
Date Public
2003-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:46.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/7846"
},
{
"name": "webintelligence-session-hijacking(11026)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11026.php"
},
{
"name": "1005906",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1005906"
},
{
"name": "6569",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6569"
},
{
"name": "20030109 WebIntelligence session hijacking vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0014.html"
},
{
"name": "20030109 WebIntelligence session hijacking vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/305991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-12T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7846",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/7846"
},
{
"name": "webintelligence-session-hijacking(11026)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11026.php"
},
{
"name": "1005906",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1005906"
},
{
"name": "6569",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6569"
},
{
"name": "20030109 WebIntelligence session hijacking vulnerability",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0014.html"
},
{
"name": "20030109 WebIntelligence session hijacking vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/305991"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7846",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/7846"
},
{
"name": "webintelligence-session-hijacking(11026)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11026.php"
},
{
"name": "1005906",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1005906"
},
{
"name": "6569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6569"
},
{
"name": "20030109 WebIntelligence session hijacking vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0014.html"
},
{
"name": "20030109 WebIntelligence session hijacking vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/305991"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1249",
"datePublished": "2005-11-16T07:37:00.000Z",
"dateReserved": "2005-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:19:46.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}