CVE-2010-3980

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Enterprise XI version 3.2

Description The issue allows remote authenticated users to cause a denial of service. This is achieved by requesting a large number of CUIDs via a GenerateCuids SOAPAction to the "dswsbobje/services/biplatform" URI, exploiting the lack of limitation on the number of CUIDs that may be requested.

Recommendations For SAP BusinessObjects Enterprise XI version 3.2, consider restricting access to the dswsbobje/services/biplatform URI to minimize the risk of exploitation. As a temporary workaround, limit the number of CUIDs that can be requested to prevent abuse.