Vulnerability Description
Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Businessobjects Business Intelligence | 4.1 |
References
- http://www.securityfocus.com/bid/105089Third Party AdvisoryVDB Entry
- https://launchpad.support.sap.com/#/notes/2633846Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742Vendor Advisory
- http://www.securityfocus.com/bid/105089Third Party AdvisoryVDB Entry
- https://launchpad.support.sap.com/#/notes/2633846Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742Vendor Advisory
FAQ
What is CVE-2018-2446?
CVE-2018-2446 is a vulnerability with a CVSS score of 7.5 (HIGH). Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.
How severe is CVE-2018-2446?
CVE-2018-2446 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-2446?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Businessobjects Business Intelligence.