Sap Se Sap Business Objects vulnerabilities

CVE-2022-31598 [MEDIUM] CWE-345 CVE-2022-31598: Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated at Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

CVE-2018-2408 [HIGH] CWE-384 CVE-2018-2408: Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchp Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active.