Vulnerabilities > CVE-2018-2445 - Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2

047910
CVSS 9.6 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
sap
CWE-918
critical
NVD
Published: 2018-08-14
Updated: 2018-10-15

Summary

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.

Vulnerable Configurations

Part Description Count
Application
Sap
2

Common Weakness Enumeration (CWE)

References