Skip to main content

Businessobjects Business Intelligence CVE-2018-2473

MEDIUM
2018-11-13 cna@sap.com
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 13, 2018 - 20:29 nvd
MEDIUM 6.5

DescriptionNVD

SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.

AnalysisAI

SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Affected products include: Sap Businessobjects Business Intelligence.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-40622 CRITICAL
9.9 Sep 12

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition a

CVE-2023-28765 CRITICAL
9.8 Apr 11

An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - version

CVE-2018-2445 CRITICAL
9.6 Aug 14

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnera

CVE-2023-37490 CRITICAL
9.0 Aug 08

SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an

CVE-2022-41203 HIGH
8.8 Nov 08

In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated atta

CVE-2018-2442 HIGH
8.8 Aug 14

In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI

CVE-2018-2427 HIGH
8.8 Jul 10

SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Stu

CVE-2025-23192 HIGH
8.2 Jun 10

Stored Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects BI Workspace that allows unauthenticated attacker

CVE-2022-32245 HIGH
8.2 Aug 10

SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attack

CVE-2019-0268 HIGH
8.1 Mar 12

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently val

CVE-2022-28214 HIGH
7.8 May 11

During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication

CVE-2023-30740 HIGH
7.6 May 09

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensi

Share

CVE-2018-2473 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy