PT-2020-18984 · Sap · Sap Enable Now

Published

2020-03-10

Updated

2021-07-21

CVE-2020-6178

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions SAP Enable Now versions prior to 1911

Description The issue allows the Session ID cookie value to be sent in the URL, which could be stolen from browser history or log files, leading to information disclosure.

Recommendations For versions prior to 1911, update to version 1911 or later to resolve the issue. As a temporary workaround, consider restricting access to browser history and log files to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2020-6178

Affected Products

Sap Enable Now

PT-2020-18984 · Sap · Sap Enable Now

CVE-2020-6178

Weakness Enumeration

Related Identifiers

Affected Products

References · 5