PT-2018-15569 · Sap · Sap Businessobjects Business Intelligence
Published
2018-08-14
·
Updated
2018-10-11
·
CVE-2018-2447
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence) version 4.2
Description
The issue allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database.
Recommendations
For version 4.2, update to a version that includes a fix for this issue to prevent exposure of the CMS InfoObjects database.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Businessobjects Business Intelligence