CVE-2010-3982

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Enterprise XI version 3.2

Description The issue allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port and obtain potentially sensitive information about open ports. This is related to an internal port scanning issue, which can be exploited via the apstoken parameter to the "CrystalReports/viewrpt.cwr" URI.

Recommendations For SAP BusinessObjects Enterprise XI version 3.2, consider restricting access to the CrystalReports/viewrpt.cwr URI to minimize the risk of exploitation. Avoid using the apstoken parameter in this URI until the issue is resolved.