What is the severity of CVE-2018-2451?

CVE-2018-2451 is classified as a medium severity vulnerability due to its potential for unauthorized access to user sessions.

How do I fix CVE-2018-2451?

To fix CVE-2018-2451, ensure that the user sessions in SAP HANA Extended Application Services are configured to expire appropriately.

Who is affected by CVE-2018-2451?

CVE-2018-2451 affects users of SAP HANA Extended Application Services version 1.0 who utilize the CLI.

What type of vulnerability is CVE-2018-2451?

CVE-2018-2451 is a session management vulnerability that can lead to unauthorized access if session validity is not correctly managed.

What impact does CVE-2018-2451 have on users?

CVE-2018-2451 allows a platform user to access protected controller resources through an active CLI session for longer than intended.

Vulnerability/
CVE-2018-2451

medium

6.6

CWE

613

14/8/2018

5/8/2024

CVE-2018-2451

First published: Tue Aug 14 2018(Updated: )

XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administrator user. Similarly, an attacker who managed to gain access to the platform user's session might misuse the session token even after the session has been closed.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP HANA Extended Application Services, Advanced Model	=1.0

Remedy

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-2451?
CVE-2018-2451 is classified as a medium severity vulnerability due to its potential for unauthorized access to user sessions.
How do I fix CVE-2018-2451?
To fix CVE-2018-2451, ensure that the user sessions in SAP HANA Extended Application Services are configured to expire appropriately.
Who is affected by CVE-2018-2451?
CVE-2018-2451 affects users of SAP HANA Extended Application Services version 1.0 who utilize the CLI.
What type of vulnerability is CVE-2018-2451?
CVE-2018-2451 is a session management vulnerability that can lead to unauthorized access if session validity is not correctly managed.
What impact does CVE-2018-2451 have on users?
CVE-2018-2451 allows a platform user to access protected controller resources through an active CLI session for longer than intended.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/remedy
agent/references
agent/weakness
agent/severity
agent/author
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/sap
canonical/sap hana extended application services, advanced model
version/sap hana extended application services, advanced model/1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.