CVE-2018-2432
published 2018-07-10CVE-2018-2432: SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | businessobjects_business_intelligence | — | — |
| sap | businessobjects_business_intelligence | — | — |
| sap | businessobjects_business_intelligence | — | — |
| sap | sap_businessobjects_business_intelligence | — | — |
| sap | sap_businessobjects_business_intelligence | — | — |
| sap | sap_businessobjects_business_intelligence | — | — |