CVE-2020-6267
Severity
5.4MEDIUM
EPSS
0.2%
top 61.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 14
Latest updateMay 24
Description
Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5