Vulnerabilities > CVE-2018-2499 - Unspecified vulnerability in SAP products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2019-01-08

Updated: 2020-08-24

Summary

A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Financial Consolidation Cube Designer Bobj Eades 8.0 SAP Financial Consolidation Cube Designer 10.1	2

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985
https://launchpad.support.sap.com/#/notes/2699233
http://www.securityfocus.com/bid/106466