CVE-2018-2408

HIGH

SAP Business Objects <4.10-4.30 - Privilege Escalation

Title source: llm

Description

Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/

Permissions Required x_refsource_misc

https://launchpad.support.sap.com/#/notes/2537150

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/103700

Scores

CVSS v3 7.3

EPSS 0.0021

EPSS Percentile 43.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-384

Status published

Products (4)

sap/businessobjects 4.0

sap/businessobjects 4.10

sap/businessobjects 4.20

sap/businessobjects 4.30

Published Apr 10, 2018

Tracked Since Feb 18, 2026