CVE-2018-2370
MEDIUM
SAP BI Launchpad 4.10, 4.20, 4.30 - Server-Side Request Forgery
Title source: llm
Description
Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server.
References (3)
https://launchpad.support.sap.com/#/notes/2493727 (Permissions Required; x_refsource_confirm)
http://www.securityfocus.com/bid/102998 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/ (Vendor Advisory; x_refsource_confirm)
Scores
CVSS v3: 5.3
EPSS: 0.0021
EPSS Percentile: 43.4%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE: CWE-918
Status: published
Products (3)
sap/bi_launchpad 4.10
sap/bi_launchpad 4.20
sap/bi_launchpad 4.30
Published: Feb 14, 2018
Tracked Since: Feb 18, 2026