CVE-2018-2408

CWE-3843 documents3 sources

Severity

7.3HIGH

EPSS

0.2%

top 56.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Business Objects SAP Businessobjects

Timeline

PublishedApr 10

Latest updateMay 13

Description

Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

▶NVDsap/businessobjects4 versions+3

▶CVEListV5sap_se/sap_business_objects4 versions+3

🔴Vulnerability Details

GHSA

GHSA-qq2m-786r-7m25: Improper Session Management in SAP Business Objects, 4↗2022-05-13

▶

CVEList

CVE-2018-2408: Improper Session Management in SAP Business Objects, 4↗2018-04-10

▶