SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking.
References
Link | Resource |
---|---|
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 | Patch Vendor Advisory |
https://launchpad.support.sap.com/#/notes/2523290 | Permissions Required |
http://www.securityfocus.com/bid/104716 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2018-07-10 11:29
Updated : 2020-08-24 10:37
NVD link : CVE-2018-2432
Mitre link : CVE-2018-2432
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
sap
- businessobjects_business_intelligence