CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-2432

SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.7%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 4.9

References

http://www.securityfocus.com/bid/104716
https://launchpad.support.sap.com/#/notes/2523290
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000
http://www.securityfocus.com/bid/104716
https://launchpad.support.sap.com/#/notes/2523290
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000

Products affected by CVE-2018-2432

Sap » Businessobjects Business Intelligence » Version: 4.1

cpe:2.3:a:sap:businessobjects_business_intelligence:4.1
Sap » Businessobjects Business Intelligence » Version: 4.2

cpe:2.3:a:sap:businessobjects_business_intelligence:4.2
Sap » Businessobjects Business Intelligence » Version: 4.3

cpe:2.3:a:sap:businessobjects_business_intelligence:4.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-2432

Products

Pricing

Contact Us