CVE-2019-0398

Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
sapbusinessobjects_business_intelligence_platform
4.1
sapbusinessobjects_business_intelligence_platform
4.2
sapbusinessobjects_business_intelligence_platform
4.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/2701027
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397
https://launchpad.support.sap.com/#/notes/2701027
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397