CVE-2018-2432

Опубликовано: 10 июл. 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 4.9

EPSS Низкий

Описание

SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking.

Ссылки

http://www.securityfocus.com/bid/104716
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2523290
Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000
Patch
Vendor Advisory
http://www.securityfocus.com/bid/104716
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2523290
Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:businessobjects_business_intelligence:4.1:*:*:*:*:*:*:*

cpe:2.3:a:sap:businessobjects_business_intelligence:4.2:*:*:*:*:*:*:*

cpe:2.3:a:sap:businessobjects_business_intelligence:4.3:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00399

Низкий

5.4 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-x89x-j6p8-53mc