Vulnerability Details CVE-2018-2446
Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.securityfocus.com/bid/105089
- https://launchpad.support.sap.com/#/notes/2633846
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
- http://www.securityfocus.com/bid/105089
- https://launchpad.support.sap.com/#/notes/2633846
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
Products affected by CVE-2018-2446
-
cpe:2.3:a:sap:businessobjects_business_intelligence:4.1
-
cpe:2.3:a:sap:businessobjects_business_intelligence:4.2