SAP BusinessObjects BI Platform Server Side Request Forgery Security Bypass Vulnerability

Bugtraq ID:	105064
Class:	Input Validation Error
CVE:	CVE-2018-2445
Remote:	Yes
Local:	No
Published:	Aug 14 2018 12:00AM
Updated:	Dec 28 2018 07:00AM
Credit:	The vendor reported this issue.
Vulnerable:	SAP BusinessObjects BI Platform 4.2 SAP BusinessObjects BI Platform 4.1
Not Vulnerable:

SAP BusinessObjects BI Platform Server Side Request Forgery Security Bypass Vulnerability

SAP BusinessObjects BI Platform is prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.

SAP BusinessObjects Business Intelligence Platform Versions 4.1, and 4.2 are vulnerable.

SAP BusinessObjects BI Platform Server Side Request Forgery Security Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

SAP BusinessObjects BI Platform Server Side Request Forgery Security Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

SAP BusinessObjects BI Platform Server Side Request Forgery Security Bypass Vulnerability

References:

• SAP Homepage (SAP)
  
• SAP Security Note # 2630018 (SAP)
  
• SAP Security Patch Day �?? August 2018 (SAP)
  
• SAP Security Patch Day �?? November 2018 (SAP)