CVE-2018-2397

MEDIUM

SAP BusinessObjects Business Intelligence Platform 4.00-4.30 - Cross-Site Scripting in Central Management Console

Title source: llm

Description

In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/

Permissions Required x_refsource_confirm

https://launchpad.support.sap.com/#/notes/2550538

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/103373

Scores

CVSS v3 5.4

EPSS 0.0017

EPSS Percentile 37.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (4)

sap/businessobjects_business_intelligence_platform 4.00

sap/businessobjects_business_intelligence_platform 4.10

sap/businessobjects_business_intelligence_platform 4.20

sap/businessobjects_business_intelligence_platform 4.30

Published Mar 14, 2018

Tracked Since Feb 18, 2026