CVE-2018-2445

CWE-918 — Server-Side Request Forgery (SSRF)3 documents3 sources

Severity

9.6CRITICAL

EPSS

0.2%

top 57.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SAP Businessobjects Business Intelligence Platform SAP Businessobjects Business Intelligence

Timeline

PublishedAug 14

Latest updateMay 14

Description

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:NExploitability: 3.1 | Impact: 5.8

Affected Packages2 packages

▶NVDsap/businessobjects_business_intelligence4.1, 4.2+1

▶CVEListV5sap/sap_businessobjects_business_intelligence_platform4.1, 4.2+1

🔴Vulnerability Details

GHSA

GHSA-5fxm-9pf8-gq25: AdminTools in SAP BusinessObjects Business Intelligence, versions 4↗2022-05-14

▶

CVEList

CVE-2018-2445: AdminTools in SAP BusinessObjects Business Intelligence, versions 4↗2018-08-14

▶