CVE-2018-2442

2018-08-1416:00:00

sap

www.cve.org

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

JSON

In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid.

CNA Affected

[
  {
    "product": "SAP BusinessObjects Business Intelligence",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "4.0"
      },
      {
        "status": "affected",
        "version": "4.1"
      },
      {
        "status": "affected",
        "version": "4.2"
      }
    ]
  }
]