CVE-2018-2427
Summary
| CVE | CVE-2018-2427 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-10 18:29:00 UTC |
| Updated | 2018-09-06 13:04:00 UTC |
| Description | SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sap | Businessobjects Business Intelligence | 4.10 | All | All | All |
| Application | Sap | Businessobjects Business Intelligence | 4.20 | All | All | All |
| Application | Sap | Businessobjects Business Intelligence | 4.10 | All | All | All |
| Application | Sap | Businessobjects Business Intelligence | 4.20 | All | All | All |
| Application | Sap | Crystal Reports | - | All | All | All |
| Application | Sap | Crystal Reports | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SAP BusinessObjects Business Intelligence Suite Remote Code Injection Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| launchpad.support.sap.com | MISC | launchpad.support.sap.com | Permissions Required |
| SAP Security Patch Day – July 2018 - Product Security Response at SAP - Community Wiki | CONFIRM | wiki.scn.sap.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.