CSRF in SAP BusinessObjects Business Intelligence Platform
CVE-2019-0398
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead an authenticated user to send an unintended request to the web server, leading to…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.005 (36.2th percentile).
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- SAP BusinessObjects Business Intelligence Platform: versions 4.1, 4.2, 4.3
- SAP SE BusinessObjects Business Intelligence Platform (Monitoring Application): versions before 4.1, before 4.2, before 4.3
Weakness classification (CWE)
References
- cna@sap.com (x_refsource_CONFIRM, Vendor Advisory)
- cna@sap.com (Permissions Required, x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2019-0398?
  - CVE-2019-0398 is a high-severity vulnerability in SAP BusinessObjects Business Intelligence Platform, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2019-12-11.
- How severe is CVE-2019-0398?
  - High severity. The CVSS v3 base score is 8.8 out of 10.