First published: Mon Oct 18 2010(Updated: )
Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote attackers to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SAP BusinessObjects | =3.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.