CyberSec.Space Logo
Back to CVE Browser

CVE-2018-2445

CRITICAL
9.6
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile44.43th
PublishedAug 14, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.

Affected Platforms (CPE)

πŸ“¦
Sap

Businessobjects Business Intelligence

= 4.1
πŸ“¦
Sap

Businessobjects Business Intelligence

= 4.2

References & Advisories

πŸ”— http://www.securityfocus.com/bid/105064
πŸ”— https://launchpad.support.sap.com/#/notes/2630018
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
πŸ”— http://www.securityfocus.com/bid/105064
πŸ”— https://launchpad.support.sap.com/#/notes/2630018
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742

Related Vulnerabilities

CVE-2018-24428.8

In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad...

CVE-2018-24278.8

SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, ...

CVE-2019-03988.8

Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions ...

CVE-2019-02688.1

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an X...