CVE-2026-24318Use of Persistent Cookies Containing Sensitive Information in SE SAP Businessobjects Business Intelligence Platform

CWE-539Use of Persistent Cookies Containing Sensitive Information3 documents3 sources
Severity
4.2MEDIUMNVD
EPSS
0.0%
top 90.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Businessobjects Business Intelligence Platform
Timeline
PublishedApr 14

Description

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued tokens after authentication, the attacker could assume the victim�s authenticated context. This could allow the attacker to access or modify information within the victim�s session scope, impacting confident

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages1 packages

CVEListV5sap_se/sap_businessobjects_business_intelligence_platform2025, 2027, ENTERPRISE 430+2

🔴Vulnerability Details

2
GHSA
GHSA-pqj4-h6r8-qxjh: Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain v2026-04-14
CVEList
Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform2026-04-14
CVE-2026-24318 — MEDIUM severity | cvebase