CVE-2018-2451

CWE-613 — Insufficient Session Expiration3 documents3 sources

Severity

6.6MEDIUM

EPSS

0.4%

top 40.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SAP Hana Extended Application Services SAP Hana Extended Application Services

Timeline

PublishedAug 14

Latest updateMay 13

Description

XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administrator user. Similarly, an attacker who managed to gain access to the platform user's session might misuse the session token even after the session h…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.7 | Impact: 5.9

Affected Packages2 packages

▶NVDsap/hana_extended_application_services1.0

▶CVEListV5sap/sap_hana_extended_application_services1.0

Patches

Patch: wiki.scn.sap.com ↗Patch: wiki.scn.sap.com ↗

🔴Vulnerability Details

GHSA

GHSA-w5mg-8gpq-pmwq: XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintention↗2022-05-13

▶

CVEList

CVE-2018-2451: XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintention↗2018-08-14

▶