CVE-2018-2447

Опубликовано: 14 авг. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database.

Ссылки

http://www.securityfocus.com/bid/105075
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2644154
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
Vendor Advisory
http://www.securityfocus.com/bid/105075
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2644154
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:businessobjects_business_intelligence:4.2:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00414

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-mrv3-h573-pvqg