CVE-2018-2409

Published: Apr 10, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform.

Affected (1)

Products: Sap: Cloud Platform

Sap

1 product

Cloud Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Cloud Platform	Version 2.0

Related CWEs

CWE-384

Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References (6)

http://www.securityfocus.com/bid/103702

Source: cna@sap.com

Third Party AdvisoryVDB Entry

https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2614141

Source: cna@sap.com

Permissions Required

http://www.securityfocus.com/bid/103702

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2614141

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.