CVE-2010-3980 Information

Description

Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the number of CUIDs that may be requested, which allows remote authenticated users to cause a denial of service via a large numCuids value in a GenerateCuids SOAPAction to the dswsbobje/services/biplatform URI.
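A defensive input check for the missing limit described above, as an added example rather than SAP code or anything from the referenced talk: it is the kind of filter a reverse proxy or gateway in front of the service could apply. The cap of 100, the SOAP envelope layout and the placeholder namespace are assumptions; only the URI, the GenerateCuids action and the numCuids parameter come from the description.

```python
import xml.etree.ElementTree as ET

MAX_CUIDS = 100  # assumed policy cap; set it to what legitimate clients need
SERVICE_PATH = "/dswsbobje/services/biplatform"

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def check_request(path, soap_action, body):
    """Return (allowed, reason) for one HTTP request seen by the filter."""
    if not path.split("?", 1)[0].endswith(SERVICE_PATH):
        return True, "not the biplatform service"
    if "GenerateCuids" not in soap_action:
        return True, "other SOAPAction"
    if b"<!DOCTYPE" in body:
        # Refuse DTDs outright so the filter itself cannot be fed entity tricks.
        return False, "DOCTYPE not allowed in SOAP body"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False, "malformed XML"
    values = [el.text for el in root.iter() if local(el.tag) == "numCuids"]
    if len(values) != 1:
        return False, "expected exactly one numCuids element"
    text = (values[0] or "").strip()
    # Reject signs, non-ASCII digits and absurdly long numbers before int().
    if not (text.isascii() and text.isdigit()) or len(text) > 9:
        return False, "numCuids is not a small non-negative integer"
    n = int(text)
    if n > MAX_CUIDS:
        return False, f"numCuids {n} exceeds cap {MAX_CUIDS}"
    return True, f"numCuids {n} within cap"

def sample(n):
    """Constructed request body; the service namespace is a placeholder."""
    return (
        '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
        '<soapenv:Body><GenerateCuids xmlns="urn:example:placeholder">'
        f"<numCuids>{n}</numCuids>"
        "</GenerateCuids></soapenv:Body></soapenv:Envelope>"
    ).encode()

if __name__ == "__main__":
    for n in (5, 100, 101, 100000000, -1, "abc"):
        print(n, check_request(SERVICE_PATH, '"GenerateCuids"', sample(n)))
```

The filter fails closed for GenerateCuids requests it cannot parse and passes every other action and path through untouched.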

Reference

http://spl0it.org/files/talks/source_barcelona10/Hacking20SAP20BusinessObjects.pdf
