CVE-2018-18569

Name of the Vulnerable Software and Affected Versions Dundas BI server versions prior to 5.0.1.1010

Description The issue allows an attacker to perform a Server-Side Request Forgery attack, enabling them to forge arbitrary requests that will be executed on their behalf. This is achieved via the viewUrl parameter of the "export the dashboard as an image" feature. The attack could be used to create a proxy for attacking other servers, either internal or external, or to conduct network scans of external or internal networks.

Recommendations For versions prior to 5.0.1.1010, update to version 5.0.1.1010 or later to resolve the issue. As a temporary workaround, consider restricting access to the "export the dashboard as an image" feature or disabling the use of the viewUrl parameter until a patch is applied.