PT-2020-19062 · Sap · Sap Disclosure Management
Published: 2020-07-14 · Updated: 2022-10-12 · CVE-2020-6267
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
SAP Disclosure Management version 10.1
Description
SAP Disclosure Management sets sensitive cookies without the HttpOnly flag. Without that flag, the cookies can be read by client-side script running in the browser, which weakens their protection.
Recommendations
For SAP Disclosure Management version 10.1, consider configuring the cookies to include the HttpOnly flag to mitigate the risk of sensitive cookie exposure. As a temporary workaround, restrict access to sensitive cookies until a proper fix is applied.
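To verify that the recommended flag is actually present, the following added example (not SAP's code and not part of the original advisory) audits the `Set-Cookie` headers of a response for sensitive cookies that lack HttpOnly. The cookie names, the sample response and the name pattern used to decide what counts as sensitive are constructed assumptions.

```python
import re

# Assumption: cookie names that usually carry session or authentication state.
SENSITIVE_NAME = re.compile(r"(sess|auth|token|sid|login)", re.IGNORECASE)

# Constructed sample response headers (not captured from a real system).
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: EXAMPLE_SESSIONID=abc123; Path=/; Secure
Set-Cookie: example_auth_token=xyz; Path=/; Secure; HttpOnly; SameSite=Lax
Set-Cookie: ui_theme=dark; Path=/
set-cookie: ExampleLogin=1; path=/; httponly
Set-Cookie: EXAMPLE_SID2=HttpOnly; Path=/
"""

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; the cookie value is never inspected,
    # so a value that merely contains the text "HttpOnly" does not count.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_cookies(raw_headers):
    """Return one finding per Set-Cookie header in a raw header block."""
    findings = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        findings.append({
            "name": name,
            "sensitive": bool(SENSITIVE_NAME.search(name)),
            "httponly": "httponly" in attrs,
        })
    return findings

def missing_httponly(raw_headers):
    """Names of sensitive cookies that are set without the HttpOnly attribute."""
    return [f["name"] for f in audit_cookies(raw_headers)
            if f["sensitive"] and not f["httponly"]]

if __name__ == "__main__":
    for cookie in missing_httponly(SAMPLE_HEADERS):
        print(f"sensitive cookie without HttpOnly: {cookie}")
```

Run it against headers saved from the deployment under review, and adjust `SENSITIVE_NAME` to the cookie names that application really uses.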
Fix
Incorrect Permission
Related Identifiers
Affected Products
Sap Disclosure Management