CVE-2019-0398 — Cross-Site Request Forgery in SE SAP Businessobjects Business Intelligence Platform

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 62.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects Business Intelligence Platform SAP Businessobjects Business Intelligence Platform

Timeline

PublishedDec 11

Latest updateMay 24

Description

Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDsap/businessobjects_business_intelligence_platform4.1, 4.2, 4.3+2

▶CVEListV5sap_se/sap_businessobjects_business_intelligence_platformbefore 4.1, before 4.2, before 4.3+2

🔴Vulnerability Details

GHSA

GHSA-59p6-7864-jc64: Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4↗2022-05-24

▶

CVEList

CVE-2019-0398: Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4↗2019-12-11

▶