CVE-2010-3979

Published: Oct 18, 2010Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI.

Affected (1)

Products: Sap: Businessobjects

1 product

Businessobjects

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Businessobjects	Version 3.2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf

Source: cve@mitre.org

Exploit

http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.