CVE-2018-2432

Summary

SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking.

Affected Software

VendorProductVersion RangeStatus
SAPSAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console)= 4.10affected
SAPSAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console)= 4.20affected
SAPSAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console)= 4.30affected

Weaknesses

  • Header Manipulation

ADP Enrichment

CVE Program Container

Additional References

References