SAP : Security Vulnerabilities, CVEs, Published In 2010 (Information Leak) CVSS score >= 2

CVE-2010-3982

SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue.
Max CVSS
5.0
EPSS Score
0.50%
Published
2010-10-18
Updated
2017-08-17

CVE-2010-3979

Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI.
Max CVSS
5.0
EPSS Score
0.37%
Published
2010-10-18
Updated
2010-10-19
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close