Session Fixation Vulnerability in SAP Disclosure Management 10.1
CVE-2020-6290

4.2 MEDIUM

Key Information:

Vendor: SAP
CVE Published: 14 July 2020

Summary

SAP Disclosure Management 10.1 is susceptible to Session Fixation attacks, where an attacker can manipulate users into adopting a predefined session ID. This flaw allows malicious actors to maintain control over user sessions, potentially leading to unauthorized access and sensitive information exposure. Proper session management and user awareness are critical to mitigating these risks.

Affected Version(s)

SAP Disclosure Management < 1.0

References

CVSS V3.1

Score: 4.2
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
