Severity
5.4 MEDIUM
EPSS
0.1%
top 68.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 10
Latest update: May 24

Description

SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages (2 packages)

NVD: sap/enable_now < 1911
CVEListV5: sap_se/sap_enable_now < before version 1911

Vulnerability Details (2)

GHSA
GHSA-r568-9m64-gfrv: SAP Enable Now, before version 1911, sends the Session ID cookie value in URL (2022-05-24)
CVEList
CVE-2020-6178: SAP Enable Now, before version 1911, sends the Session ID cookie value in URL (2020-03-10)
CVE-2020-6178 (MEDIUM CVSS 5.4) | SAP Enable Now | cvebase.io