Vulnerabilities > CVE-2018-2499 - Unspecified vulnerability in SAP products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2019-01-08

Updated: 2020-08-24

Summary

A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Financial Consolidation Cube Designer 10.1 SAP Financial Consolidation Cube Designer Bobj Eades 8.0	2

References

http://www.securityfocus.com/bid/106466
https://launchpad.support.sap.com/#/notes/2699233
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985