CVE-2018-2432 Information

Description

SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include unvalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including cross-site scripting and page hijacking.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.securityfocus.com/bid/104716
https://launchpad.support.sap.com//notes/2523290
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.4

Base Severity

MEDIUM
