Vulnerability Description
Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | BusinessObjects | 3.2 |
References
- http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjectsExploit
FAQ
What is CVE-2010-3980?
CVE-2010-3980 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids v...
How severe is CVE-2010-3980?
CVE-2010-3980 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-3980?
Check the references section above for vendor advisories and patch information. Affected products include: SAP BusinessObjects.