SAP Disclosure Management

7 matches found

CVE, added 2020/07/14 1:15 p.m., 41 views

CVE-2020-6291

The session mechanism in SAP Disclosure Management, version 10.1, does not have expiration data set and therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration.

CVSS 8.8, AI score 8.5, EPSS 0.00153

CVE, added 2018/04/10 3:29 p.m., 40 views

CVE-2018-2413

SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

CVSS 8.8, AI score 8.8, EPSS 0.00414

CVE, added 2020/07/14 1:15 p.m., 38 views

CVE-2020-6292

Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration.

CVSS 8.8, AI score 8.5, EPSS 0.00198

CVE, added 2019/02/15 6:29 p.m., 35 views

CVE-2019-0258

SAP Disclosure Management, version 10.01, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

CVSS 8.8, AI score 8.8, EPSS 0.00461

CVE, added 2018/11/13 8:29 p.m., 34 views

CVE-2018-2487

SAP Disclosure Management 10.x allows exploitation through a specially crafted zip file provided by users: when extracted in specific use cases, files within this zip file can land in locations other than the originally intended extraction point.

CVSS 8.3, AI score 8, EPSS 0.00722

CVE, added 2020/07/14 1:15 p.m., 32 views

CVE-2020-6289

SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick a user into browsing a malicious site.

CVSS 8.8, AI score 8.5, EPSS 0.00101

CVE, added 2018/04/10 3:29 p.m., 30 views

CVE-2018-2412

SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

CVSS 8.8, AI score 8.8, EPSS 0.0043