First published: Tue Aug 14 2018(Updated: )
AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP BusinessObjects Business Intelligence | =4.1 | |
SAP BusinessObjects Business Intelligence | =4.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2018-2445.
The severity of CVE-2018-2445 is critical with a severity value of 9.6.
The affected software for CVE-2018-2445 is SAP BusinessObjects Business Intelligence versions 4.1 and 4.2.
CVE-2018-2445 is a Server-Side Request Forgery (SSRF) vulnerability in AdminTools in SAP BusinessObjects Business Intelligence versions 4.1 and 4.2, allowing an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.
To fix the vulnerability CVE-2018-2445, it is recommended to apply the necessary security patches provided by SAP.