CVE-2018-2432

medium

Description

SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking.

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000

https://launchpad.support.sap.com/#/notes/2523290

http://www.securityfocus.com/bid/104716

Details

Source: Mitre, NVD

Published: 2018-07-10

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00423