CVE-2018-2370

Name of the Vulnerable Software and Affected Versions SAP Central Management Console, BI Launchpad and Fiori BI Launchpad versions 4.10, from 4.20, from 4.30

Description The issue allows a malicious user to use common techniques to determine which ports are in use on the backend server. This is due to a Server Side Request Forgery (SSRF) vulnerability.

Recommendations For versions 4.10, consider restricting access to the backend server to minimize the risk of exploitation. For versions from 4.20, from 4.30, avoid using common techniques that could be used to determine open ports on the backend server until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.