Insecure Session Management in SAP BusinessObjects Business Intelligence Platform
CVE-2026-24318

4.2 MEDIUM

Key Information:

Vendor: SAP
CVE Published: 14 April 2026

What is CVE-2026-24318?

An insecure session management vulnerability exists in the SAP BusinessObjects Business Intelligence Platform that allows an unauthenticated attacker to exploit valid session tokens. By reusing these tokens, the attacker can seize control of an authenticated user's session, potentially leading to unauthorized access to and manipulation of sensitive information. This puts data confidentiality and integrity at risk, because the attacker can act within the scope of the victim's session, which could have serious implications for the security of the affected systems.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform ENTERPRISE 430

SAP BusinessObjects Business Intelligence Platform 2025

SAP BusinessObjects Business Intelligence Platform 2027

CVSS V3.1

Score: 4.2
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
