Information Disclosure Vulnerability in SAP Enable Now by SAP
CVE-2020-6178

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Enable Now
Vendor: CVE Published:; 10 March 2020

What is CVE-2020-6178?

SAP Enable Now prior to version 1911 exposes sensitive information due to the inappropriate handling of session identifiers. The Session ID cookie is transmitted in the URL, which can be inadvertently logged or accessed through browser histories. This flawed mechanism may allow unauthorized parties to exploit the exposed Session ID, potentially leading to information breaches and unauthorized access to protected resources.

Affected Version(s)

SAP Enable Now < before version 1911

References

https://launchpad.support.sap.com/#/notes/2880664

x_refsource_MISC

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2020
Vulnerability Reserved
Jan 8, 2020