Session Cookie Vulnerability in SAP Enable Now by SAP
CVE-2019-0341
8.8HIGH
What is CVE-2019-0341?
The session cookie utilized by SAP Enable Now, specifically in version 1902, lacks the HttpOnly flag. This oversight permits potential attackers to execute scripts within the application context, leading to unauthorized access to the session cookie. If compromised, this cookie could facilitate further access to the application, posing a significant security risk.
Affected Version(s)
SAP Enable Now < 1902