Lucene search

SapCVELIST:CVE-2020-6290

HistoryJul 14, 2020 - 12:30 p.m.

CVE-2020-6290

2020-07-1412:30:14

sap

www.cve.org

sap disclosure management

session fixation

version 10.1

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

40.8%

JSON

SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID.

CNA Affected

[
  {
    "product": "SAP Disclosure Management",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.0"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2758000

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

40.8%

JSON

Related for CVELIST:CVE-2020-6290