CVE-2018-2446

4 documents4 sources

Severity

7.5HIGH

EPSS

0.7%

top 28.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SAP Businessobjects Business Intelligence SAP Businessobjects Business Intelligence

Timeline

PublishedAug 14

Latest updateMay 13

Description

Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDsap/businessobjects_business_intelligence4.1, 4.2+1

▶CVEListV5sap/sap_businessobjects_business_intelligence4.1, 4.2+1

🔴Vulnerability Details

GHSA

GHSA-74cw-4rxr-9g52: Admin tools in SAP BusinessObjects Business Intelligence, versions 4↗2022-05-13

▶

CVEList

CVE-2018-2446: Admin tools in SAP BusinessObjects Business Intelligence, versions 4↗2018-08-14

▶

📋Vendor Advisories

Apache

Apache tika: CVE-2018-11762↗

▶