CVE-2018-2397

Summary

In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Business Objects Business Intelligence Platform4.00affected
SAP SESAP Business Objects Business Intelligence Platform4.10affected
SAP SESAP Business Objects Business Intelligence Platform4.20affected
SAP SESAP Business Objects Business Intelligence Platform4.30affected

Weaknesses

  • Cross-Site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References