CVE-2010-3981
- EPSS 0.23%
- Veröffentlicht 18.10.2010 17:00:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page.
- EPSS 0.41%
- Veröffentlicht 18.10.2010 17:00:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobj...
- EPSS 0.25%
- Veröffentlicht 18.10.2010 17:00:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbob...
- EPSS 93.42%
- Veröffentlicht 18.10.2010 17:00:03
- Zuletzt bearbeitet 11.04.2025 00:51:21
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by u...