CVE-2018-2483

CWE-287 — Improper Authentication3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 63.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SAP Businessobjects Business Intelligence Platform SAP Businessobjects Business Intelligence

Timeline

PublishedNov 13

Latest updateMay 13

Description

HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap/sap_businessobjects_business_intelligence_platform= 4.1, = 4.2+1

▶NVDsap/businessobjects_business_intelligence4.1, 4.2+1

🔴Vulnerability Details

GHSA

GHSA-p9hv-3pfr-pmm2: HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4↗2022-05-13

▶

CVEList

CVE-2018-2483: HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4↗2018-11-13

▶