CVE-2018-2446

high

Description

Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742

https://launchpad.support.sap.com/#/notes/2633846

http://www.securityfocus.com/bid/105089

Details

Source: Mitre, NVD

Published: 2018-08-14

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00789