CVE-2020-6291

EUVD-2020-27441
SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sapCNA
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
sapdisclosure_management
10.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/2758000
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675
https://launchpad.support.sap.com/#/notes/2758000
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675