CVE-2018-2427

SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.

Published: Jul 10, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-2427
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
sap / businessobjects_business_intelligence	4.10	4.10.x
sap / businessobjects_business_intelligence	4.20	4.20.x

http://www.securityfocus.com/bid/104715
https://launchpad.support.sap.com/#/notes/2620738
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000

Vulnerability Database

CVE-2018-2427

Deep Security Visibility Without the Complexity