Vulnerabilities > SAP > Businessobjects
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-10-18 | CVE-2010-3980 | Unspecified vulnerability in SAP Businessobjects 3.2 Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI. | 4.0 |
| 2010-10-18 | CVE-2010-3979 | Information Exposure vulnerability in SAP Businessobjects 3.2 Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI. | 5.0 |
| 2010-10-18 | CVE-2010-0219 | Credentials Management vulnerability in multiple products Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. | 10.0 |