1. CVE-Search
  2. CVE-2018-2446
ID CVE-2018-2446
Summary Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.
References
Vulnerable Configurations
  • cpe:2.3:a:sap:businessobjects_business_intelligence:4.1:-:*:*:*:*:*:*
    cpe:2.3:a:sap:businessobjects_business_intelligence:4.1:-:*:*:*:*:*:*
  • cpe:2.3:a:sap:businessobjects_business_intelligence:4.2:-:*:*:*:*:*:*
    cpe:2.3:a:sap:businessobjects_business_intelligence:4.2:-:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-09-2020 - 19:13)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 105089
confirm https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
misc https://launchpad.support.sap.com/#/notes/2633846
Last major update 29-09-2020 - 19:13
Published 14-08-2018 - 16:29
Last modified 29-09-2020 - 19:13
Back to Top