History: Jul 14, 2020 - 12:30 p.m.

CVE-2020-6290

2020-07-14 12:30:14
sap
www.cve.org
7
sap disclosure management
session fixation
version 10.1

CVSS3: 4.2

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS: 0.001
Percentile: 40.8%

SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID.

CNA Affected

[
  {
    "product": "SAP Disclosure Management",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.0"
      }
    ]
  }
]
