CVE-2010-3982

SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue.

Published: Oct 18, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-3982
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
sap / businessobjects	3.2	3.2.x

http://osvdb.org/68681
http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62682

Vulnerability Database

290,206

CVE-2010-3982