Symptom
Running AppScan on BusinessObjects Business Intelligence shows vulnerabilities related to JSESSIONID exploits, such as "Session Fixation" and "No proper logout functionality".
- Session Fixation:
  The JSESSIONID does not change after a successful login in BI Launchpad and going from the login page to the BI Launchpad Home Page or CMC Home page.
- No Proper Logout Functionality:
  The JSESSIONID does not change after logging off from BI Launchpad or CMC.
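To confirm or re-test the two findings from a recorded login/logout exchange, the following added example (not part of the SAP article) replays the Set-Cookie headers the way a browser would and compares the JSESSIONID in effect at each step. The step labels, function names and both sample traces are constructed for illustration.

```python
from http.cookies import SimpleCookie

COOKIE = "JSESSIONID"

def track_session_id(trace):
    """Replay Set-Cookie headers like a browser.

    trace: list of (step_label, [Set-Cookie header values]) in request order.
    Returns {step_label: JSESSIONID in effect after that response, or None}.
    """
    current, seen = None, {}
    for step, set_cookie_headers in trace:
        for header in set_cookie_headers:
            jar = SimpleCookie()
            jar.load(header)
            if COOKIE in jar:
                morsel = jar[COOKIE]
                # Max-Age=0 (or an empty value) tells the browser to drop the cookie.
                expired = morsel["max-age"] == "0" or morsel.value == ""
                current = None if expired else morsel.value
        seen[step] = current
    return seen

def check_trace(trace):
    """Report the two symptoms by comparing cookie values across login and logout."""
    ids = track_session_id(trace)
    findings = []
    # Same ID before and after authentication: the pre-login session was kept.
    if ids["login_page"] is not None and ids["login_page"] == ids["after_login"]:
        findings.append("Session Fixation")
    # Same ID still held by the client after logging off.
    if ids["after_login"] is not None and ids["after_logout"] == ids["after_login"]:
        findings.append("No Proper Logout Functionality")
    return findings

# Constructed sample: the ID issued on the login page is never replaced.
UNCHANGED = [
    ("login_page",   ["JSESSIONID=A1B2C3D4; Path=/; HttpOnly"]),
    ("after_login",  []),
    ("after_logout", []),
]
# Constructed sample: a new ID is issued at login and expired at logout.
ROTATED = [
    ("login_page",   ["JSESSIONID=A1B2C3D4; Path=/; HttpOnly"]),
    ("after_login",  ["JSESSIONID=E5F6A7B8; Path=/; HttpOnly"]),
    ("after_logout", ["JSESSIONID=E5F6A7B8; Max-Age=0; Path=/"]),
]

if __name__ == "__main__":
    print("unchanged:", check_trace(UNCHANGED))
    print("rotated:  ", check_trace(ROTATED))
```

The check only compares cookie values seen by the client, which is what the symptom describes; whether the server has invalidated the old session is a separate test.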
Environment
- SAP BusinessObjects Enterprise XI 3.1
- SAP BusinessObjects Business Intelligence 4.x
Product
SAP BusinessObjects Business Intelligence platform 4.0 ; SAP BusinessObjects Business Intelligence platform 4.1 ; SAP BusinessObjects Business Intelligence platform 4.2 ; SAP BusinessObjects Enterprise XI 3.1
Keywords
JSESSIONID, vulnerability, exploit, appscan, BI 4.0, BI 4.1, BI 4.2, session fixation, no proper logout functionality, KBA, BI-BIP-DEP, Webapp Deployment, Networking, Vulnerabilities, Webservices, Problem
About this page
This is a preview of a SAP Knowledge Base Article.