SAP : Security Vulnerabilities, CVEs, Published In 2010 (Information Leak)
SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue.
Max CVSS
5.0
EPSS Score
0.50%
Published
2010-10-18
Updated
2017-08-17
Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI.
Max CVSS
5.0
EPSS Score
0.37%
Published
2010-10-18
Updated
2010-10-19
2 vulnerabilities found