Vulnerabilities > CVE-2010-3980 - Unspecified vulnerability in SAP Businessobjects 3.2

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

sap

NVD

Published: 2010-10-18

Updated: 2010-10-19

Summary

Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Businessobjects 3.2	1

References

http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf