Vulnerability Description
Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | BusinessObjects | 3.2 |
Related Weaknesses (CWE)
References
- http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjectsExploit
FAQ
What is CVE-2010-3979?
CVE-2010-3979 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate a...
How severe is CVE-2010-3979?
CVE-2010-3979 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-3979?
Check the references section above for vendor advisories and patch information. Affected products include: SAP BusinessObjects.