CVE-2018-2447: SQL Injection
First published: Tue Aug 14 2018(Updated: )
SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP BusinessObjects Business Intelligence | =4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SAP BusinessObjects Business Intelligence vulnerability?
The vulnerability ID for this SAP BusinessObjects Business Intelligence vulnerability is CVE-2018-2447.
What is the severity of CVE-2018-2447?
The severity of CVE-2018-2447 is medium with a CVSS score of 6.5.
How does the vulnerability in SAP BusinessObjects Business Intelligence version 4.2 allow an attacker to exploit it?
The vulnerability in SAP BusinessObjects Business Intelligence version 4.2 allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database.
What software version is affected by this vulnerability?
This vulnerability affects SAP BusinessObjects Business Intelligence version 4.2.
Where can I find more information about CVE-2018-2447?
More information about CVE-2018-2447 can be found at the following references: [1](http://www.securityfocus.com/bid/105075), [2](https://launchpad.support.sap.com/#/notes/2644154), [3](https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742).
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/event
- agent/type
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap businessobjects business intelligence
- version/sap businessobjects business intelligence/4.2