Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued tokens after authentication, the attacker could assume the victim�s authenticated context. This could allow the attacker to access or modify information within the victim�s session scope, impacting confidentiality and integrity, while availability remains unaffected.
Exploitability
AV:NAC:HPR:NUI:RScope
S:UImpact
C:LI:LA:N4.2/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:NOther