Running AppScan on BusinessObjects Business Intelligence shows vulnerabilities related to JSESSIONID exploits, such as "Session Fixation" and "No proper logout functionality".
- Session Fixation:
The JSESSIONID does not change after a successful login to BI Launchpad, that is, when going from the login page to the BI Launchpad Home Page.
- No Proper Logout Functionality:
The JSESSIONID does not change after logging off from BI Launchpad.
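A way to check a captured login/logout flow for the two findings above, as an added example that is not part of the SAP article. The step names, cookie values and `Set-Cookie` headers are constructed samples, and a capture like this shows only what the browser holds, not whether the server invalidated the old session.

```python
from http.cookies import SimpleCookie

COOKIE = "JSESSIONID"

def apply_set_cookies(current, set_cookie_headers):
    """Return the session ID the browser holds after these Set-Cookie headers."""
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if COOKIE not in jar:
            continue
        morsel = jar[COOKIE]
        # An empty value or Max-Age=0 means the server deleted the cookie.
        deleted = morsel.value == "" or morsel["max-age"] == "0"
        current = None if deleted else morsel.value
    return current

def audit(flow):
    """flow: ordered (step, [Set-Cookie values]) pairs for the steps
    login_page, home_page and logout (hypothetical step names).
    Returns the scanner finding names that apply to the capture."""
    ids, current = {}, None
    for step, set_cookies in flow:
        current = apply_set_cookies(current, set_cookies)
        ids[step] = current
    findings = []
    # Same ID before and after authentication: a pre-login ID stays valid.
    if ids["login_page"] is not None and ids["login_page"] == ids["home_page"]:
        findings.append("Session Fixation")
    # Same ID still held after logoff: the cookie was neither rotated nor cleared.
    if ids["home_page"] is not None and ids["home_page"] == ids["logout"]:
        findings.append("No proper logout functionality")
    return findings

# Constructed captures: the server never reissues the cookie ...
VULNERABLE_FLOW = [
    ("login_page", ["JSESSIONID=A1B2C3; Path=/; HttpOnly"]),
    ("home_page", []),
    ("logout", []),
]
# ... versus rotating it at login and expiring it at logout.
HARDENED_FLOW = [
    ("login_page", ["JSESSIONID=A1B2C3; Path=/; HttpOnly"]),
    ("home_page", ["JSESSIONID=D4E5F6; Path=/; HttpOnly"]),
    ("logout", ["JSESSIONID=; Max-Age=0; Path=/"]),
]

if __name__ == "__main__":
    print(audit(VULNERABLE_FLOW))
    print(audit(HARDENED_FLOW))
```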
- SAP BusinessObjects Enterprise XI 3.1
- SAP BusinessObjects Business Intelligence 4.x
JSESSIONID, vulnerability, exploit, appscan, BI 4.0, BI 4.1, BI 4.2, session fixation, no proper logout functionality, KBA, BI-BIP-DEP, Webapp Deployment, Networking, Vulnerabilities, Webservices, Problem
This is a preview of a SAP Knowledge Base Article. The full version is on SAP ONE Support Launchpad (login required).