Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Infoview | Businessobjects | 5.1.4 (including) | 5.1.4 (including) |
Infoview | Businessobjects | 5.1.5 (including) | 5.1.5 (including) |
Infoview | Businessobjects | 5.1.6 (including) | 5.1.6 (including) |
Infoview | Businessobjects | 5.1.7 (including) | 5.1.7 (including) |
Infoview | Businessobjects | 5.1.8 (including) | 5.1.8 (including) |
Webintelligence | Businessobjects | 2.7 (including) | 2.7 (including) |
Webintelligence | Businessobjects | 2.7.1 (including) | 2.7.1 (including) |
Webintelligence | Businessobjects | 2.7.2 (including) | 2.7.2 (including) |
Webintelligence | Businessobjects | 2.7.3 (including) | 2.7.3 (including) |
Webintelligence | Businessobjects | 2.7.4 (including) | 2.7.4 (including) |