SAP BI LaunchPad Unspecified Cross Site Request Forgery Vulnerability

SAP BI LaunchPad is prone to an unspecified cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

Information

Bugtraq ID: 97563
Class: Design Error
CVE:
Remote: Yes
Local: No
Published: Apr 11 2017 12:00AM
Updated: Apr 12 2017 10:03AM
Credit: The vendor reported this issue.
Vulnerable: SAP BI LaunchPad 0

Not Vulnerable:

Exploit

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

References:

• SAP Homepage (SAP)
  
• SAP Note 2403010 (SAP)
  
• SAP Security Patch Day â?? April 2017 (SAP)
  

Source: www.securityfocus.com