Vulnerability Details : CVE-2018-2458
Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted.
Products affected by CVE-2018-2458
- cpe:2.3:a:sap:business_one:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:sap:business_one:9.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-2458
0.39%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 57 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-2458
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
References for CVE-2018-2458
-
http://www.securityfocus.com/bid/105307
SAP Business One CVE-2018-2458 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
https://launchpad.support.sap.com/#/notes/2670284
SAP ONE Support Launchpad: Log OnPermissions Required;Vendor Advisory
-
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993
SAP Security Patch Day – September 2018 - Product Security Response at SAP - SCN WikiVendor Advisory
Jump to