Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Session web service.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SAP BusinessObjects和BusinessObjects XI 用户名枚举漏洞
Vulnerability Description
SAP BusinessObjects和BusinessObjects XI(BOXI)都是德国思爱普(SAP)公司的商务智能软件和企业绩效解决方案。该方案提供报表、绩效管理和数据基础等功能。 SAP BusinessObjects 4.0版本和BOXI R2版本和3.1版本中存在安全漏洞,该漏洞源于远程服务器会根据用户账户是否存在返回消息。远程攻击者可通过向Session web服务发送SecEnterprise身份验证请求利用该漏洞枚举有效的用户名。
CVSS Information
N/A
Vulnerability Type
N/A