Description
Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103702
Vendor Advisory x_refsource_confirm
https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2614141
Scores
CVSS v3
6.3
EPSS
0.0023
EPSS Percentile
45.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-384
Status
published
Products (1)
sap/cloud_platform
2.0
Published
Apr 10, 2018
Tracked Since
Feb 18, 2026