Description
Under certain circumstances:
- The ABAP Server of SAP NetWeaver and ABAP Platform fails to invalidate HTTP Security Sessions immediately when a user logs off.
- HTTP Security Sessions do not time out automatically when an ABAP application server is stopped.
Available fix and Supported packages
- KRNL32NUC | 7.21 | 7.21
- KRNL32NUC | 7.21EXT | 7.21EXT
- KRNL32UC | 7.21 | 7.21
- KRNL32UC | 7.21EXT | 7.21EXT
- KRNL64NUC | 7.21 | 7.21
- KRNL64NUC | 7.21EXT | 7.21EXT
- KRNL64NUC | 7.22 | 7.22
- KRNL64NUC | 7.22EXT | 7.22EXT
- KRNL64NUC | 7.49 | 7.49
- KRNL64UC | 7.21 | 7.21
- KRNL64UC | 7.21EXT | 7.21EXT
- KRNL64UC | 7.22 | 7.22
- KRNL64UC | 7.22EXT | 7.22EXT
- KRNL64UC | 7.49 | 7.49
- KRNL64UC | 7.53 | 7.53
- KRNL64UC | 7.73 | 7.73
- KERNEL | 7.21 | 7.22
- KERNEL | 7.45 | 7.45
- KERNEL | 7.49 | 7.49
- KERNEL | 7.53 | 7.53
- KERNEL | 7.73 | 7.73
- SAP KERNEL 7.21 32-BIT | SP1211 | 001211
- SAP KERNEL 7.21 32-BIT UNICODE | SP1211 | 001211
- SAP KERNEL 7.21 64-BIT | SP1211 | 001211
- SAP KERNEL 7.21 64-BIT UNICODE | SP1211 | 001211
- SAP KERNEL 7.21 EXT 64-BIT | SP1211 | 001211
- SAP KERNEL 7.21 EXT 64-BIT UC | SP1211 | 001211
- SAP KERNEL 7.22 64-BIT | SP722 | 000722
- SAP KERNEL 7.22 64-BIT UNICODE | SP722 | 000722
- SAP KERNEL 7.22 EXT 64-BIT | SP722 | 000722
- SAP KERNEL 7.22 EXT 64-BIT UC | SP722 | 000722
- SAP KERNEL 7.45 64-BIT | SP834 | 000834
- SAP KERNEL 7.45 64-BIT UNICODE | SP834 | 000834
- SAP KERNEL 7.49 64-BIT | SP625 | 000625
- SAP KERNEL 7.49 64-BIT UNICODE | SP625 | 000625
- SAP KERNEL 7.53 64-BIT | SP400 | 000400
- SAP KERNEL 7.53 64-BIT UNICODE | SP400 | 000400
- SAP KERNEL 7.73 64-BIT UNICODE | SP110 | 000110
Affected component
- BC-SEC-LGN (Authentication)
CVSS
Score: 5.0
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2748048