Information disclosure in Sap Businessobjects

CVE-2010-3979

Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to…

Vulnerability class: Information Disclosure

EPSS: 0.003 (48.6th percentile) — read the EPSS interpretation.

Affected products

Sap Businessobjects — versions 3.2
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (Exploit, x_refsource_MISC)