PT-2020-19081 · SAP · SAP Disclosure Management

Published: 2020-07-14 · Updated: 2020-07-14 · CVE-2020-6291

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP Disclosure Management version 10.1

Description

The session mechanism in SAP Disclosure Management does not set any expiration data on sessions, so a session allows unlimited access after authenticating once. This is insufficient session expiration and potentially allows unauthorized access.

Recommendations

For SAP Disclosure Management version 10.1, consider implementing a session expiration mechanism to limit the duration of access after a user authenticates. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of exploitation.

Fix

Insufficient Session Expiration

Weakness Enumeration

Related Identifiers

CVE-2020-6291

Affected Products

SAP Disclosure Management