Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform

4.2 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Description

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued tokens after authentication, the attacker could assume the victim�s authenticated context. This could allow the attacker to access or modify information within the victim�s session scope, impacting confidentiality and integrity, while availability remains unaffected.

Basic Information

ID CVE-2026-24318

Source sap

Published Apr 14, 2026 at 00:06

Affected Product

Vendor SAP_SE

Product SAP BusinessObjects Business Intelligence Platform

Version ENTERPRISE 430

Affected Versions SAP_SE SAP BusinessObjects Business Intelligence Platform ENTERPRISE 430
SAP_SE SAP BusinessObjects Business Intelligence Platform 2025
SAP_SE SAP BusinessObjects Business Intelligence Platform 2027

CWE Classification

CWE-539

References

{
    "lastseen": "",
    "description": "Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim\ufffds session. If the application continues to accept previously issued tokens after authentication, the attacker could assume the victim\ufffds authenticated context. This could allow the attacker to access or modify information within the victim\ufffds session scope, impacting confidentiality and integrity, while availability remains unaffected.",
    "published": "2026-04-14T00:06:18.337Z",
    "modified": "2026-04-14T00:06:18.337Z",
    "type": "cve",
    "title": "Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform",
    "source": "sap",
    "references": "https://me.sap.com/notes/3702191\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2026-24318",
    "bulletinFamily": "",
    "cwe": [
        "CWE-539"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP BusinessObjects Business Intelligence Platform ENTERPRISE 430\nSAP_SE SAP BusinessObjects Business Intelligence Platform 2025\nSAP_SE SAP BusinessObjects Business Intelligence Platform 2027",
    "sourceHref": "",
    "cvss": {
        "score": 4.2,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP BusinessObjects Business Intelligence Platform",
    "version": "ENTERPRISE 430",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform_CVE-2026-24318