CVE-2018-2432
Last modified
CVE-2018-2432 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking. EPSS estimates a 0.74% chance of exploitation in the next 30 days.
Description
SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| SAP | BusinessObjects Business Intelligence | 4.1 |
| SAP | BusinessObjects Business Intelligence | 4.2 |
| SAP | BusinessObjects Business Intelligence | 4.3 |
References
- http://www.securityfocus.com/bid/104716 (Third Party Advisory, VDB Entry)
- https://launchpad.support.sap.com/#/notes/2523290 (Permissions Required)
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-2432?
How severe is CVE-2018-2432?
How do I fix CVE-2018-2432?
Source: NVD / NIST
