Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Businessobjects Xi Security Vulnerabilities

cve
cve

CVE-2010-3980

Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform...

6.4AI Score

0.002EPSS

2022-10-03 04:20 PM
17
cve
cve

CVE-2010-3979

Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session...

6.8AI Score

0.004EPSS

2022-10-03 04:20 PM
17
cve
cve

CVE-2015-7730

SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a crafted GIOP packet, aka SAP Security Note...

6.7AI Score

0.008EPSS

2015-10-15 08:59 PM
25
cve
cve

CVE-2014-8309

SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the.....

7.2AI Score

0.005EPSS

2014-10-16 07:55 PM
15
cve
cve

CVE-2010-3981

Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters...

5.8AI Score

0.002EPSS

2010-10-18 05:00 PM
23
cve
cve

CVE-2010-3983

CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login...

6.6AI Score

0.003EPSS

2010-10-18 05:00 PM
12
cve
cve

CVE-2010-3982

SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning".....

6.7AI Score

0.005EPSS

2010-10-18 05:00 PM
19
cve
cve

CVE-2010-0219

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web...

7.8AI Score

0.975EPSS

2010-10-18 05:00 PM
118