Описание
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.
Ссылки
- Permissions Required
- Vendor Advisory
- Permissions Required
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.1:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.2:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.3:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.00168
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
больше 3 лет назад
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.
EPSS
Процентиль: 38%
0.00168
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352