CVE-2018-2445

critical

Description

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742

https://launchpad.support.sap.com/#/notes/2630018

http://www.securityfocus.com/bid/105064

Details

Source: Mitre, NVD

Published: 2018-08-14

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.6

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00237