Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different error messages depending on whether the Login field corresponds to a valid username, which allows remote malicious users to enumerate account names via a login SOAPAction to the dswsbobje/services/session URI.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
sap businessobjects 3.2 |
Vulmon