SAP BusinessObjects Business Intelligence CVE-2018-2446 Information Disclosure Vulnerability

Bugtraq ID:	105089
Class:	Input Validation Error
CVE:	CVE-2018-2446
Remote:	Yes
Local:	No
Published:	Aug 15 2018 12:00AM
Updated:	Aug 15 2018 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	SAP BusinessObjects Business Intelligence 4.2 SAP BusinessObjects Business Intelligence 4.1
Not Vulnerable:

SAP BusinessObjects Business Intelligence CVE-2018-2446 Information Disclosure Vulnerability

SAP BusinessObjects Business Intelligence is prone to a information disclosure vulnerability.

An attacker can exploit this issue to gain sensitive information, that may aid in further attacks.

SAP BusinessObjects Business Intelligence versions 4.1, and 4.2 are vulnerable.

SAP BusinessObjects Business Intelligence CVE-2018-2446 Information Disclosure Vulnerability

Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]

SAP BusinessObjects Business Intelligence CVE-2018-2446 Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

SAP BusinessObjects Business Intelligence CVE-2018-2446 Information Disclosure Vulnerability

References:

• SAP Homepage (SAP)
  
• SAP Security Note # 2633846 (SAP)
  
• SAP Security Patch Day �?? August 2018 (SAP)