10 matches found
Design/Logic Flaw
SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning"...
Code injection
CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property...
Default credentials
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service...
CVE-2010-3979
SAP BusinessObjects Enterprise XI 3.2 is affected by CVE-2010-3979 through the dswsbobje component. The vulnerability arises because the login field error messaging varies depending on whether the provided credential matches a valid username, enabling remote attackers to enumerate valid account n...
CVE-2010-0219
CVE-2010-0219 covers Apache Axis2 default credentials that affect dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2 and CA ARCserve D2D r15 among others. The issue arises from a default admin password (axis2), enabling remote attackers to upload a crafted web service and achieve arbitrary co...
CVE-2010-3983
CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property...
CVE-2010-3981
SAP BusinessObjects Enterprise XI 3.2 is affected by CVE-2010-3981 through an XSS flaw exposed in the Edit Service Parameters page via the ServiceClass parameter. Connected documents corroborate that Apache Axis2 (as included in relevant deployments) received a security release (Axis2 1.7.3) that...
CVE-2010-3983
The CVE-2010-3983 entry concerns SAP BusinessObjects Enterprise XI 3.2, affecting the CmcApp component. It specifies that remote authenticated users can gain privileges via vectors involving the Program Job Server and the Program Login property. The provided connected records corroborate the prod...
CVE-2010-3980
Summary: CVE-2010-3980 affects SAP BusinessObjects Enterprise XI 3.2. The dswsbobje service (biplatform URI) does not limit the number of CUIDs that can be requested via GenerateCuids, enabling remote authenticated users to trigger a denial of service. The vulnerability is tied to an unbounded nu...
CVE-2010-3982
SAP BusinessObjects Enterprise XI 3.2 is affected by a vulnerability in the CrystalReports/viewrpt.cwr URI where the apstoken parameter can cause remote TCP connections to arbitrary intranet hosts on any port, exposing potentially sensitive information about open ports (a related internal port s...