Vulnerability Details CVE-2018-2427
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://www.securityfocus.com/bid/104715
- https://launchpad.support.sap.com/#/notes/2620738
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000
- http://www.securityfocus.com/bid/104715
- https://launchpad.support.sap.com/#/notes/2620738
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000
Products affected by CVE-2018-2427
-
cpe:2.3:a:sap:businessobjects_business_intelligence:4.10
-
cpe:2.3:a:sap:businessobjects_business_intelligence:4.20
-
cpe:2.3:a:sap:crystal_reports:-