CVE-2018-2408

Name of the Vulnerable Software and Affected Versions: SAP Business Objects versions 4.0 through 4.30

Description: The issue is related to improper session management. When a user's password is changed, all other active sessions created using the older password remain active. This could potentially allow a remote attacker to gain unauthorized access.

Recommendations: For SAP Business Objects versions 4.0 through 4.30, consider implementing a session invalidation mechanism upon password change to prevent unauthorized access. As a temporary workaround, restrict access to the CMC/BI Launchpad/Fiorified BI Launchpad to minimize the risk of exploitation.