CVE-2018-2427
HIGHSAP BusinessObjects Business Intelligence Suite 4.10-4.20 - Code Injection
Title source: llmDescription
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.
References (3)
Core 3
Core References
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2620738
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104715
Patch, Vendor Advisory x_refsource_confirm
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000
Scores
CVSS v3
8.8
EPSS
0.0064
EPSS Percentile
70.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (3)
sap/businessobjects_business_intelligence
4.10
sap/businessobjects_business_intelligence
4.20
sap/crystal_reports
Published
Jul 10, 2018
Tracked Since
Feb 18, 2026