PT-2018-15573 · SAP · SAP HANA Extended Application Services

Published: 2018-08-14 · Updated: 2020-08-24 · CVE-2018-2451

CVSS v3.1: 6.6 (Medium)
Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SAP HANA Extended Application Services (XS) version 1

Description: The XS Command-Line Interface (CLI) user sessions may have an unintentionally prolonged period of validity, allowing a platform user to access controller resources via an active CLI session even after an administrator has revoked that user's authorizations. An attacker who gains access to the platform user's session could misuse the session token even after the session has been closed.

Recommendations: For SAP HANA Extended Application Services (XS) version 1, consider restricting access to the CLI until a fix is available, to prevent unauthorized use of session tokens. As a temporary workaround, regularly close and re-authenticate CLI sessions to minimize the risk of exploitation.

Fix

Weakness Enumeration: Insufficient Session Expiration

Related Identifiers: CVE-2018-2451

Affected Products: SAP HANA Extended Application Services