NotCVE - vendor:"Sap" product:"Businessobjects" version:"3.2"

6 results (0.005 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2010-3979

https://notcve.org/view.php?id=CVE-2010-3979

18 Oct 2010 — Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI. Dswsbobje en SAP BusinessObjects Enterprise XI v3.2 genera mensajes de error diferentes dependiendo de si el campo Login corresponde a un nombre de usuario válido, lo que permite a usuarios remotos enumerar los nombres de cuentas de usua... • http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2010-3982

https://notcve.org/view.php?id=CVE-2010-3982

18 Oct 2010 — SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue. SAP BusinessObjects Enterprise XI 3.2 permite a atacantes remotos realizar conexiones TCP a equipos arbitrarios de la intranet en cualquier puerto, y obtener información potencialmente confidencial sobre los... • http://osvdb.org/68681 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 97%CPEs: 8EXPL: 8

CVE-2010-0219 – Axis2 - (Authenticated) Code Execution (via REST)

https://notcve.org/view.php?id=CVE-2010-0219

18 Oct 2010 — Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. Axis2 de Apache, tal y como es usado en dswsbobje.war en SAP BusinessObjects Enterprise XI versión 3.2, CA ARCserve D2D r15 y otros productos, tiene una contraseña por defecto de axis2 para la cuenta de administrador, lo que facil... • https://packetstorm.news/files/id/181058 • CWE-255: Credentials Management Errors •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2010-3981

https://notcve.org/view.php?id=CVE-2010-3981

18 Oct 2010 — Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en SAP BusinessObjects Enterprise XI v3.2 permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través del campo ServiceClass de la página "Edit Service Parameters" (edición de parámetros de servicio). • http://osvdb.org/68680 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2010-3980

https://notcve.org/view.php?id=CVE-2010-3980

18 Oct 2010 — Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI. Dswsbobje en SAP BusinessObjects Enterprise XI v3.2 no limita el número de CUIDs que pueden ser solicitados, lo que permite a usuarios remotos autenticados provocar una denegación de servicio a través de valores numCuids extensos de un... • http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2010-3983

https://notcve.org/view.php?id=CVE-2010-3983

18 Oct 2010 — CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property. CmcApp en SAP BusinessObjects Enterprise XI 3.2 permite a usuarios autenticados remotos escalar privilegios a través de vectores que involucran el "Program Job Server" (servidor de trabajos de programa) y la propiedad "Program Login" (inicio de sesión de programa). • http://osvdb.org/68682 • CWE-264: Permissions, Privileges, and Access Controls •