Vulnerability Description
Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Businessobjects | Infoview | 5.1.4 |
| Businessobjects | Webintelligence | 2.7 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.htmlVendor Advisory
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.htmlVendor Advisory
- http://secunia.com/advisories/12587/Vendor Advisory
- http://www.securityfocus.com/bid/11208
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17422
- http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0056.htmlVendor Advisory
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026549.htmlVendor Advisory
- http://secunia.com/advisories/12587/Vendor Advisory
- http://www.securityfocus.com/bid/11208
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17422
FAQ
What is CVE-2004-0533?
CVE-2004-0533 is a vulnerability with a CVSS score of 2.1 (LOW). Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete r...
How severe is CVE-2004-0533?
CVE-2004-0533 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0533?
Check the references section above for vendor advisories and patch information. Affected products include: Businessobjects Infoview, Businessobjects Webintelligence.