CVE-2018-2442

In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid.

CVSS v3 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/105078	Third Party Advisory VDB Entry
https://launchpad.support.sap.com/#/notes/2407193	Permissions Required Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:businessobjects_business_intelligence:4.0:::::::*
	cpe:2.3:a:sap:businessobjects_business_intelligence:4.1:::::::*
	cpe:2.3:a:sap:businessobjects_business_intelligence:4.2:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:sap:internet_graphics_server:7.20:::::::*
	cpe:2.3:a:sap:internet_graphics_server:7.20ext:::::::*
	cpe:2.3:a:sap:internet_graphics_server:7.45:::::::*
	cpe:2.3:a:sap:internet_graphics_server:7.49:::::::*
	cpe:2.3:a:sap:internet_graphics_server:7.53:::::::*

History

No history.

Information

Published : 2018-08-14 16:29

Updated : 2018-10-11 17:19

NVD link : CVE-2018-2442

Mitre link : CVE-2018-2442

CVE.ORG link : CVE-2018-2442

JSON object : View

Products Affected

sap

internet_graphics_server
businessobjects_business_intelligence

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2018-2442", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-08-14T16:29:00.677", "references": [{"url": "http://www.securityfocus.com/bid/105078", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@sap.com"}, {"url": "https://launchpad.support.sap.com/#/notes/2407193", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid."}, {"lang": "es", "value": "En SAP BusinessObjects Business Intelligence, en versiones 4.0, 4.1 y 4.2, mientras se visualiza un informe Web Intelligence del BI Launchpad, los detalles de la sesi\u00f3n de usuario capturados por una herramienta de an\u00e1lisis HTTP podr\u00edan reutilizarse en una p\u00e1gina HTML mientras la sesi\u00f3n de usuario sigue siendo v\u00e1lida."}], "lastModified": "2018-10-11T17:19:45.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27B3BCCC-6A59-4651-8384-6D764309547F"}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "321A6FA2-0182-4C03-B367-80D2CE064493"}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAD665A3-D351-4BDE-819F-C296F484F926"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:internet_graphics_server:7.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB63DB38-282E-44F5-B998-E0A419CBDDDF"}, {"criteria": "cpe:2.3:a:sap:internet_graphics_server:7.20ext:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52899667-D267-4399-B1DD-428DCFAFECAA"}, {"criteria": "cpe:2.3:a:sap:internet_graphics_server:7.45:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F87D81E-242D-4679-8DB3-479DB2A98F46"}, {"criteria": "cpe:2.3:a:sap:internet_graphics_server:7.49:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E19FB816-EFD3-46EA-A144-699055394B86"}, {"criteria": "cpe:2.3:a:sap:internet_graphics_server:7.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAE591D5-05DA-41FE-A9C1-0A5521E83024"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}