Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Infoview | Businessobjects | 5.1.8 | 5.1.8 |
Webintelligence | Businessobjects | 2.7 | 2.7 |
Webintelligence | Businessobjects | 2.7.3 | 2.7.3 |
Infoview | Businessobjects | 5.1.6 | 5.1.6 |
Webintelligence | Businessobjects | 2.7.2 | 2.7.2 |
Infoview | Businessobjects | 5.1.5 | 5.1.5 |
Infoview | Businessobjects | 5.1.4 | 5.1.4 |
Webintelligence | Businessobjects | 2.7.1 | 2.7.1 |
Webintelligence | Businessobjects | 2.7.4 | 2.7.4 |
Infoview | Businessobjects | 5.1.7 | 5.1.7 |