Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to trigger TCP connections to arbitrary intranet hosts on any port, and obtain potentially sensitive information about open ports, via the apstoken parameter to the CrystalReports/viewrpt.cwr URI, related to an "internal port scanning" issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SAP BusinessObjects Enterprise XI 'CrystalReports/viewrpt.cwr'信息泄露漏洞
Vulnerability Description
SAP BusinessObjects Enterprise XI 3.2版本中存在信息泄露漏洞。远程攻击者可以借助CrystalReports/viewrpt.cwr URI中的apstoken参数,触发通过任意端口与内网主机建立TCP连接,以获得关于开放端口的潜在敏感信息。该漏洞与"内网端口扫描"隐患有关。
CVSS Information
N/A
Vulnerability Type
N/A