PT-2020-18999 · Sap · Sap Enable Now

Published

2020-03-10

Updated

2020-03-12

CVE-2020-6197

CVSS v3.1

3.8

Low

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SAP Enable Now versions prior to 1908

Description The issue is related to insufficient session expiration, where session tokens are not invalidated in a timely manner. This may allow attackers with local access to download portables.

Recommendations For SAP Enable Now versions prior to 1908, update to version 1908 or later to resolve the issue. As a temporary workaround, consider implementing additional session management controls to minimize the risk of exploitation.

Fix

Insufficient Session Expiration

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-613

Related Identifiers

CVE-2020-6197

Affected Products

Sap Enable Now

PT-2020-18999 · Sap · Sap Enable Now

CVE-2020-6197

Weakness Enumeration

Related Identifiers

Affected Products

References · 5