Описание
In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid.
Ссылки
- Third Party AdvisoryVDB Entry
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:businessobjects_business_intelligence:4.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence:4.1:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence:4.2:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:sap:internet_graphics_server:7.20:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_graphics_server:7.20ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_graphics_server:7.45:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_graphics_server:7.49:*:*:*:*:*:*:*
cpe:2.3:a:sap:internet_graphics_server:7.53:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.0018
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid.
EPSS
Процентиль: 40%
0.0018
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352