Vulnerabilities > CVE-2018-2370 - Server-Side Request Forgery (SSRF) vulnerability in SAP BI Launchpad 4.10/4.20/4.30
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Common Weakness Enumeration (CWE)
References
- http://www.securityfocus.com/bid/102998
- http://www.securityfocus.com/bid/102998
- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
- https://launchpad.support.sap.com/#/notes/2493727
- https://launchpad.support.sap.com/#/notes/2493727