ID

VAR-201807-1593


CVE

CVE-2018-2427


TITLE

SAP BusinessObjects Business Intelligence Suite and Crystal Reports Code injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-007841

DESCRIPTION

SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. SAP BusinessObjects Business Intelligence Suite is prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application.

Trust: 1.89

sources: NVD: CVE-2018-2427 // JVNDB: JVNDB-2018-007841 // BID: 104715

AFFECTED PRODUCTS

vendor: sap, model: businessobjects business intelligence, scope: eq, version: 4.10

Trust: 1.6

vendor: sap, model: businessobjects business intelligence, scope: eq, version: 4.20

Trust: 1.6

vendor: sap, model: crystal reports, scope: eq, version: -

Trust: 1.6

vendor: sap, model: crystal reports, scope: -, version: -

Trust: 0.8

vendor: sap, model: business objects business intelligence platform, scope: eq, version: 4.10

Trust: 0.8

vendor: sap, model: business objects business intelligence platform, scope: eq, version: 4.20

Trust: 0.8

vendor: sap, model: businessobjects business intelligence suite, scope: eq, version: 4.20

Trust: 0.3

vendor: sap, model: businessobjects business intelligence suite, scope: eq, version: 4.10

Trust: 0.3

sources: BID: 104715 // JVNDB: JVNDB-2018-007841 // CNNVD: CNNVD-201807-925 // NVD: CVE-2018-2427

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-2427
value: HIGH

Trust: 1.0

NVD: CVE-2018-2427
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-925
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-2427
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2018-2427
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-007841 // CNNVD: CNNVD-201807-925 // NVD: CVE-2018-2427

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.8

sources: JVNDB: JVNDB-2018-007841 // NVD: CVE-2018-2427

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-925

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201807-925

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:sap:crystal_reports"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:sap:businessobjects_business_intelligence_platform"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2018-007841

PATCH

title: July 2018 Security Releases
url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000

Trust: 0.8

title: SAP BusinessObjects Business Intelligence Suite and Crystal Reports Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84026

Trust: 0.6

sources: JVNDB: JVNDB-2018-007841 // CNNVD: CNNVD-201807-925

EXTERNAL IDS

db: NVD, id: CVE-2018-2427

Trust: 2.7

db: BID, id: 104715

Trust: 1.3

db: JVNDB, id: JVNDB-2018-007841

Trust: 0.8

db: CNNVD, id: CNNVD-201807-925

Trust: 0.6

sources: BID: 104715 // JVNDB: JVNDB-2018-007841 // CNNVD: CNNVD-201807-925 // NVD: CVE-2018-2427

REFERENCES

url: https://launchpad.support.sap.com/#/notes/2620738

Trust: 1.9

url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=497256000

Trust: 1.9

url: http://www.securityfocus.com/bid/104715

Trust: 1.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-2427

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-2427

Trust: 0.8

url: http://www.sap.com/

Trust: 0.3

sources: BID: 104715 // JVNDB: JVNDB-2018-007841 // CNNVD: CNNVD-201807-925 // NVD: CVE-2018-2427

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 104715

SOURCES

db: BID, id: 104715
db: JVNDB, id: JVNDB-2018-007841
db: CNNVD, id: CNNVD-201807-925
db: NVD, id: CVE-2018-2427

LAST UPDATE DATE

2024-11-23T22:38:05.713000+00:00


SOURCES UPDATE DATE

db: BID, id: 104715, date: 2018-07-10T00:00:00
db: JVNDB, id: JVNDB-2018-007841, date: 2018-09-28T00:00:00
db: CNNVD, id: CNNVD-201807-925, date: 2020-07-13T00:00:00
db: NVD, id: CVE-2018-2427, date: 2024-11-21T04:03:47.843

SOURCES RELEASE DATE

db: BID, id: 104715, date: 2018-07-10T00:00:00
db: JVNDB, id: JVNDB-2018-007841, date: 2018-09-28T00:00:00
db: CNNVD, id: CNNVD-201807-925, date: 2018-07-10T00:00:00
db: NVD, id: CVE-2018-2427, date: 2018-07-10T18:29:00.767