CVE-2018-2397

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 61.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Business Objects Business Intelligence Platform SAP Businessobjects Business Intelligence Platform

Timeline

PublishedMar 14

Latest updateMay 13

Description

In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDsap/businessobjects_business_intelligence_platform4 versions+3

▶CVEListV5sap_se/sap_business_objects_business_intelligence_platform4 versions+3

🔴Vulnerability Details

GHSA

GHSA-jxh7-jq76-g53g: In SAP Business Objects Business Intelligence Platform, 4↗2022-05-13

▶

CVEList

CVE-2018-2397: In SAP Business Objects Business Intelligence Platform, 4↗2018-03-14

▶