PT-2018-15569 · Sap · Sap Businessobjects Business Intelligence

Publicado

2018-08-14

·

Atualizado

2018-10-11

·

CVE-2018-2447

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence) version 4.2
Description The issue allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database.
Recommendations For version 4.2, update to a version that includes a fix for this issue to prevent exposure of the CMS InfoObjects database.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2018-2447

Produtos afetados

Sap Businessobjects Business Intelligence