CVE-2018-2445

Published: Aug 14, 2018Modified: Nov 21, 2024

9.6

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Exploitability: 3.1 / Impact: 5.8

Source: NVD

Description

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.

Affected (2)

Products: Sap: Businessobjects Business Intelligence

1 product

Businessobjects Business Intelligence

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sap Businessobjects Business Intelligence	Version 4.1
Sap Businessobjects Business Intelligence	Version 4.2

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (6)

http://www.securityfocus.com/bid/105064

Source: cna@sap.com

Third Party AdvisoryVDB Entry

https://launchpad.support.sap.com/#/notes/2630018

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742

Source: cna@sap.com

Vendor Advisory

http://www.securityfocus.com/bid/105064

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://launchpad.support.sap.com/#/notes/2630018

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.