Vulnerabilities > CVE-2018-2446 - Unspecified vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2018-08-14

Updated: 2020-09-29

Summary

Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Businessobjects Business Intelligence 4.1 SAP Businessobjects Business Intelligence 4.2	2

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
https://launchpad.support.sap.com/#/notes/2633846
http://www.securityfocus.com/bid/105089