CVE-2026-24318
Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform
CVSS Score
4.2
EPSS Score
0.0%
EPSS Percentile
10th
Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued tokens after authentication, the attacker could assume the victim�s authenticated context. This could allow the attacker to access or modify information within the victim�s session scope, impacting confidentiality and integrity, while availability remains unaffected.
| Vendor | sap_se |
| Product | sap businessobjects business intelligence platform |
| Published | Apr 14, 2026 |
| Last Updated | Apr 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for sap_se sap businessobjects business intelligence platform
Be the first to know when new medium vulnerabilities affecting sap_se sap businessobjects business intelligence platform are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
SAP_SE / SAP BusinessObjects Business Intelligence Platform
ENTERPRISE 430 2025 2027