CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-2451

MEDIUM
6.6
CVSS Severity Score
EPSS Score0.0730%
EPSS Percentile18.96th
Published2018年8月14日
Last Modified2024年11月21日

Vulnerability Description

XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administrator user. Similarly, an attacker who managed to gain access to the platform user's session might misuse the session token even after the session has been closed.

Affected Platforms (CPE)

📦
Sap

Hana Extended Application Services

= 1.0

References & Advisories

🔗 http://www.securityfocus.com/bid/105091
🔗 https://launchpad.support.sap.com/#/notes/2590705
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
🔗 http://www.securityfocus.com/bid/105091
🔗 https://launchpad.support.sap.com/#/notes/2590705
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742

相关漏洞威胁

CVE-2015-131110.0

The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, ...

CVE-2019-02619.8

Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication ...

CVE-2018-23768.1

In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could ret...

CVE-2018-23758.1

In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could ret...