CVE-2018-2427

{"id": "CVE-2018-2427", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-07-10T18:29:00.767", "references": [{"url": "http://www.securityfocus.com/bid/104715", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@sap.com"}, {"url": "https://launchpad.support.sap.com/#/notes/2620738", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000", "tags": ["Patch", "Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application."}, {"lang": "es", "value": "SAP BusinessObjects Business Intelligence Suite, en versiones 4.10 y 4.20, y SAP Crystal Reports (versi\u00f3n para Visual Studio .NET, Version 2010) permite que un atacante inyecte c\u00f3digo que puede ser ejecutado por la aplicaci\u00f3n. Un atacante podr\u00eda, por lo tanto, controlar el comportamiento de la aplicaci\u00f3n."}], "lastModified": "2018-09-06T13:04:43.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:4.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E42DCEF8-02FD-478F-BE45-B4F5D916E6DE"}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:4.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D99D62B4-D2DD-4BDC-9660-D607D86259E3"}, {"criteria": "cpe:2.3:a:sap:crystal_reports:-:*:*:*:*:visual_studio_.net_2010:*:*", "vulnerable": true, "matchCriteriaId": "274A169F-42A5-4A5A-83A9-A7695A6F112F"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}