sap hana-extended-application-services CVE-2018-2451 is a vulnerability in SAP Hana Extended Application Services
Published on August 14, 2018

XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding authorizations have been revoked meanwhile by an administrator user. Similarly, an attacker who managed to gain access to the platform user's session might misuse the session token even after the session has been closed.

NVD


Products Associated with CVE-2018-2451

Want to know whenever a new CVE is published for SAP Hana Extended Application Services? stack.watch will email you.

 

Affected Versions

SAP HANA Extended Application Services Version 1.0 is affected by CVE-2018-2451

Exploit Probability

EPSS
1.16%
Percentile
63.37%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.