CVE-2018-2446

Published: Aug 14, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.

Affected (2)

Products: Sap: Businessobjects Business Intelligence

Sap

1 product

Businessobjects Business Intelligence

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sap Businessobjects Business Intelligence	Version 4.1
Sap Businessobjects Business Intelligence	Version 4.2

References (6)

http://www.securityfocus.com/bid/105089

Source: cna@sap.com

Third Party AdvisoryVDB Entry

https://launchpad.support.sap.com/#/notes/2633846

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742

Source: cna@sap.com

Vendor Advisory

http://www.securityfocus.com/bid/105089

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://launchpad.support.sap.com/#/notes/2633846

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.