CVE-2020-6292

CWE-613Insufficient Session Expiration3 documents3 sources
Severity
8.8HIGH
EPSS
0.2%
top 58.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Disclosure ManagementSAP Disclosure Management
Timeline
PublishedJul 14
Latest updateMay 24

Description

Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-3p23-x5x3-gwjm: Logout mechanism in SAP Disclosure Management, version 102022-05-24
CVEList
CVE-2020-6292: Logout mechanism in SAP Disclosure Management, version 102020-07-14
CVE-2020-6292 (HIGH CVSS 8.8) | Logout mechanism in SAP Disclosure | cvebase.io