CVE-2018-2397
Description
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.
Risk Information
Base Score
5.4
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.169
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-2397 are affected in SAP Business Objects Business Intelligence Platform 4.00 | Windows |
| Vulnerabilities CVE-2018-2397,CVE-2018-2471,CVE-2019-0352 are affected in SAP Business Objects Business Intelligence Platform 4.10 | Windows |
| Vulnerabilities CVE-2018-2397,CVE-2018-2471,CVE-2019-0352,CVE-2021-40500 are affected in SAP Business Objects Business Intelligence Platform 4.20 | Windows |
| Vulnerabilities CVE-2018-2397,CVE-2019-0352,CVE-2021-40500 are affected in SAP Business Objects Business Intelligence Platform 4.30 | Windows |
| Vulnerabilities CVE-2018-2397 are affected in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) 4.00 | Windows |
| Vulnerabilities CVE-2018-2397,CVE-2018-2471,CVE-2019-0352 are affected in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) 4.10 | Windows |
| Vulnerabilities CVE-2018-2397,CVE-2018-2471,CVE-2019-0352,CVE-2021-40500 are affected in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) 4.20 | Windows |
| Vulnerabilities CVE-2018-2397,CVE-2019-0352,CVE-2021-40500 are affected in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) 4.30 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234