CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-2445

CRITICAL
9.6
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile44.43th
Published2018年8月14日
Last Modified2024年11月21日

Vulnerability Description

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.

Affected Platforms (CPE)

📦
Sap

Businessobjects Business Intelligence

= 4.1
📦
Sap

Businessobjects Business Intelligence

= 4.2

References & Advisories

🔗 http://www.securityfocus.com/bid/105064
🔗 https://launchpad.support.sap.com/#/notes/2630018
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
🔗 http://www.securityfocus.com/bid/105064
🔗 https://launchpad.support.sap.com/#/notes/2630018
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742

関連する脆弱性情報

CVE-2018-24428.8

In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad...

CVE-2018-24278.8

SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, ...

CVE-2019-03988.8

Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions ...

CVE-2019-02688.1

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an X...