• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Business Objects WebIntelligence Access Control Bypass File Deletion Vulnerability

It is reported that WebIntelligence is susceptible to an access control bypass vulnerability allowing for the deletion of files from the application.

This vulnerability is reported to exist as access controls are only enforced on the client. The server fails to enforce access control restriction and allows delete requests to succeed when they are not authorized.

Only authenticated users are able to exploit this vulnerability.