SAP Disclosure Management CVE-2020-6303 Input Validation Security Vulnerability

Description

SAP Disclosure Management is prone to a security vulnerability because it fails to properly sanitize user-supplied input. An attacker may exploit this issue to obtain sensitive information, access or modify data within the context of the affected application; this may aid in further attacks. SAP Disclosure Management 10.1 is vulnerable; other versions may also be affected.

Technologies Affected

• SAP Disclosure Management 10.1

Recommendations

Block external access at the network boundary, unless external parties require service.
Filter access to the affected computer at the network boundary if global access isn’t needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
NIDS may identify and block generic attacks against web applications. Detecting and filtering SQL statements may reduce the likelihood of successful exploits.

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.

Updates are available. Please see the references or vendor advisory for more information.