CVE-2010-3982: Infoleak
First published: Mon Oct 18 2010(Updated: )
SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP BusinessObjects | =3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-3982?
CVE-2010-3982 is considered a moderate severity vulnerability as it allows remote attackers to conduct internal port scans.
How do I fix CVE-2010-3982?
To remediate CVE-2010-3982, update to a newer version of SAP BusinessObjects that addresses this vulnerability.
What software is affected by CVE-2010-3982?
CVE-2010-3982 affects SAP BusinessObjects Enterprise XI 3.2.
What type of attack is related to CVE-2010-3982?
CVE-2010-3982 is related to internal port scanning attacks that can expose sensitive information.
Can CVE-2010-3982 be exploited remotely?
Yes, CVE-2010-3982 can be exploited remotely through a crafted request to the vulnerable SAP BusinessObjects instance.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/sap
- canonical/sap businessobjects
- version/sap businessobjects/3.2