Lucene search

[email protected]NVD:CVE-2010-3982

HistoryOct 18, 2010 - 5:00 p.m.

CVE-2010-3982

2010-10-1817:00:04

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.005

Percentile

76.4%

JSON

SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an “internal port scanning” issue.

Affected configurations

Nvd

Node

sapbusinessobjectsMatch3.2enterprise_xi

VendorProductVersionCPE
sapbusinessobjects3.2cpe:2.3:a:sap:businessobjects:3.2:*:enterprise_xi:*:*:*:*:*

Vendor	Product	Version	CPE
sap	businessobjects	3.2	cpe:2.3:a:sap:businessobjects:3.2::enterprise_xi:::::

References

osvdb.org/68681

spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/62682

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.005

Percentile

76.4%

JSON

Related for NVD:CVE-2010-3982

prion1 cvelist1 cve1