CVE-2010-3982
SAP BusinessObjects Enterprise XI 3.2 - Exposure of Sensitive Information via CrystalReports apstoken Parameter
Title source: llmDescription
SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/68681
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62682
Exploit x_refsource_misc
http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
Scores
EPSS
0.0028
EPSS Percentile
51.7%
Details
CWE
CWE-200
Status
published
Products (1)
sap/businessobjects
3.2
Published
Oct 18, 2010
Tracked Since
Feb 18, 2026