CVE-2019-0398

EUVD-2019-1171
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
sapbusinessobjects_business_intelligence_platform
4.1
sapbusinessobjects_business_intelligence_platform
4.2
sapbusinessobjects_business_intelligence_platform
4.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/2701027
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397
https://launchpad.support.sap.com/#/notes/2701027
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397