CVE-2020-6289 — Cross-Site Request Forgery in SE SAP Disclosure Management

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 72.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Disclosure Management SAP Disclosure Management

Timeline

PublishedJul 14

Latest updateMay 24

Description

SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick user in to browsing malicious site.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sap_se/sap_disclosure_management< 1.0

▶NVDsap/disclosure_management10.1

🔴Vulnerability Details

GHSA

GHSA-5wx7-4g7m-p3v7: SAP Disclosure Management, version 10↗2022-05-24

▶

CVEList

CVE-2020-6289: SAP Disclosure Management, version 10↗2020-07-14

▶