CVE-2020-6178
5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Enable Now | < before version 1911 | affected |
Weaknesses
- Information Disclosure
ADP Enrichment
CVE Program Container
Additional References
- https://launchpad.support.sap.com/#/notes/2880664
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305
References
- https://launchpad.support.sap.com/#/notes/2880664
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.