nvd-json-data-feeds/CVE-2018/CVE-2018-24xx/CVE-2018-2442.json

{
  "id": "CVE-2018-2442",
  "sourceIdentifier": "cna@sap.com",
  "published": "2018-08-14T16:29:00.677",
  "lastModified": "2018-10-11T17:19:45.970",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid."
    },
    {
      "lang": "es",
      "value": "En SAP BusinessObjects Business Intelligence, en versiones 4.0, 4.1 y 4.2, mientras se visualiza un informe Web Intelligence del BI Launchpad, los detalles de la sesi\u00f3n de usuario capturados por una herramienta de an\u00e1lisis HTTP podr\u00edan reutilizarse en una p\u00e1gina HTML mientras la sesi\u00f3n de usuario sigue siendo v\u00e1lida."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27B3BCCC-6A59-4651-8384-6D764309547F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "321A6FA2-0182-4C03-B367-80D2CE064493"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAD665A3-D351-4BDE-819F-C296F484F926"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:internet_graphics_server:7.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB63DB38-282E-44F5-B998-E0A419CBDDDF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:internet_graphics_server:7.20ext:*:*:*:*:*:*:*",
              "matchCriteriaId": "52899667-D267-4399-B1DD-428DCFAFECAA"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:internet_graphics_server:7.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F87D81E-242D-4679-8DB3-479DB2A98F46"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:internet_graphics_server:7.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "E19FB816-EFD3-46EA-A144-699055394B86"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:internet_graphics_server:7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAE591D5-05DA-41FE-A9C1-0A5521E83024"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/105078",
      "source": "cna@sap.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://launchpad.support.sap.com/#/notes/2407193",
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}