CVE-2018-12354

EUVD-2018-4328
Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Affected Products (NVD)
VendorProductVersion
knowage-suiteknowage
6.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://medium.com/stolabs/security-issue-on-knowage-spagobi-ec539a68e55
https://medium.com/stolabs/security-issue-on-knowage-spagobi-ec539a68e55