2447490 - JSESSIONID "vulnerabilities" in SAP BusinessObjects XI 3.1 / 4.0 / 4.1 / 4.2 | SAP Knowledge Base Article

SAP Knowledge Base Article - Preview

Symptom

Running AppScan on BusinessObjects Business Intelligence shows vulnerabilities related to JSESSIONID exploits, such as "Session Fixation" and "No proper logout functionality".

  • Session Fixation:
    The JSESSIONID does not change after a successful login to BI Launchpad, when going from the login page to the BI Launchpad Home Page.
  • No Proper Logout Functionality:
    The JSESSIONID does not change after logging off from BI Launchpad.

Environment

  • SAP BusinessObjects Enterprise XI 3.1
  • SAP BusinessObjects Business Intelligence 4.x

Product

SAP BusinessObjects Business Intelligence platform 4.0; SAP BusinessObjects Business Intelligence platform 4.1; SAP BusinessObjects Business Intelligence platform 4.2; SAP BusinessObjects Enterprise XI 3.1

Keywords

JSESSIONID, vulnerability, exploit, appscan, BI 4.0, BI 4.1, BI 4.2, session fixation, no proper logout functionality, KBA, BI-BIP-DEP, SBOP Web Application Deployment, Wdeploy, Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).