PT-2018-15556 · Sap · Sap Businessobjects Business Intelligence

Published

2018-07-10

Updated

2020-08-24

CVE-2018-2432

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Business Intelligence versions 4.10 through 4.30

Description The issue allows an attacker to include invalidated data in the HTTP response header sent to a Web user, potentially leading to advanced attacks such as cross-site scripting and page hijacking.

Recommendations For versions 4.10 through 4.30, update to a version that includes the fix for this issue to prevent the inclusion of invalidated data in HTTP response headers.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-2432

Affected Products

Sap Businessobjects Business Intelligence

PT-2018-15556 · Sap · Sap Businessobjects Business Intelligence

CVE-2018-2432

Weakness Enumeration

Related Identifiers

Affected Products

References · 5