PT-2020-19082 · Sap · Sap Disclosure Management

Published

2020-07-14

·

Updated

2020-07-14

·

CVE-2020-6292

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions SAP Disclosure Management version 10.1
Description The logout mechanism in the affected software does not properly invalidate one of the session cookies, resulting in insufficient session expiration.
Recommendations For SAP Disclosure Management version 10.1, update to a version that properly handles session cookie invalidation after logout to prevent insufficient session expiration.

Fix

Insufficient Session Expiration

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-613

Related Identifiers

CVE-2020-6292

Affected Products

Sap Disclosure Management