
CVE-2018-2408

Published: 10/04/2018 Updated: 09/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of a password change for a user, all other active sessions created using the older password continue to be active.

Vulnerable Product

sap businessobjects 4.20

sap businessobjects 4.0

sap businessobjects 4.10

sap businessobjects 4.30

Recent Articles

SAP's Business Client can own entire apps, DDOS them into dust
The Register • Richard Chirgwin • 11 Apr 2018

And that's the worst of ten patches awaiting lucky, lucky SAP admins

SAP has issued its April security update, which brings a waiting world news of ten patch-worthy problems. The nastiest has a CVSS rating of 9.8 and impacts SAP's Business Client, the desktop tool to access much of its wares. Details of the problem are behind a registration wall, but according to ERP Scan, the vulnerability is a memory corruption bug that allows an attacker to inject crafted code into working memory. The outcome can be "complete control" over the application, denial of service,...