PT-2010-5212 · Sap · Sap Businessobjects Enterprise Xi

Published

2010-10-18

Updated

2010-10-19

CVE-2010-3980

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Enterprise XI version 3.2

Description The issue allows remote authenticated users to cause a denial of service. This is achieved by requesting a large number of CUIDs via a GenerateCuids SOAPAction to the "dswsbobje/services/biplatform" URI, exploiting the lack of limitation on the number of CUIDs that may be requested.

Recommendations For SAP BusinessObjects Enterprise XI version 3.2, consider restricting access to the dswsbobje/services/biplatform URI to minimize the risk of exploitation. As a temporary workaround, limit the number of CUIDs that can be requested to prevent abuse.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2010-3980

Affected Products

Sap Businessobjects Enterprise Xi

PT-2010-5212 · Sap · Sap Businessobjects Enterprise Xi

CVE-2010-3980

Related Identifiers

Affected Products

References · 2