CVE-2018-2442

In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid.
References
Configurations

Configuration 1

cpe:2.3:a:sap:businessobjects_business_intelligence:4.2:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence:4.1:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence:4.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_graphics_server:7.20:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_graphics_server:7.20ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_graphics_server:7.45:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_graphics_server:7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_graphics_server:7.53:*:*:*:*:*:*:*

Information

Published : 2018-08-14 04:29

Updated : 2018-10-11 05:19


NVD link : CVE-2018-2442

Mitre link : CVE-2018-2442

Products Affected
No products.
CWE