PT-2018-15566 · SAP · SAP BusinessObjects Business Intelligence

Published: 2018-08-14 · Updated: 2018-10-11 · CVE-2018-2442

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence versions 4.0 through 4.2

Description: The issue allows user session details to be captured by an HTTP analysis tool and reused in an HTML page while the user session is still valid, potentially leading to unauthorized access. This occurs when viewing a Web Intelligence report from BI Launchpad.

Recommendations: For versions 4.0 through 4.2, consider restricting access to sensitive reports and implementing additional session validation to minimize the risk of exploitation. As a temporary workaround, restrict the use of HTTP analysis tools to prevent session details from being captured.

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2018-2442

Affected Products

SAP BusinessObjects Business Intelligence