CVE-2020-6197

CWE-613Insufficient Session Expiration3 documents3 sources
Severity
3.3LOW
EPSS
0.2%
top 56.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Enable NOWSAP Enable NOW
Timeline
PublishedMar 10
Latest updateMay 24

Description

SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download the portables.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDsap/enable_now< 1908
CVEListV5sap_se/sap_enable_now< before version 1908

🔴Vulnerability Details

2
GHSA
GHSA-5gvv-3x4q-5hp6: SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner2022-05-24
CVEList
CVE-2020-6197: SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner2020-03-10
CVE-2020-6197 (LOW CVSS 3.3) | SAP Enable Now | cvebase.io