SAP BusinessObjects BI Platform CVE-2018-2447 Unspecified SQL Injection Vulnerability

Bugtraq ID:	105075
Class:	Input Validation Error
CVE:	CVE-2018-2447
Remote:	Yes
Local:	No
Published:	Aug 14 2018 12:00AM
Updated:	Aug 14 2018 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	SAP BusinessObjects BI Platform 4.2
Not Vulnerable:

SAP BusinessObjects BI Platform CVE-2018-2447 Unspecified SQL Injection Vulnerability

SAP BusinessObjects BI Platform is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

SAP BusinessObjects BI Platform version 4.2 is vulnerable.

SAP BusinessObjects BI Platform CVE-2018-2447 Unspecified SQL Injection Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

SAP BusinessObjects BI Platform CVE-2018-2447 Unspecified SQL Injection Vulnerability

References:

• SAP Homepage (SAP)
  
• SAP Security Note # 2644154 (SAP)
  
• SAP Security Patch Day �?? August 2018 (SAP)