CVE-2020-6267
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.5
Source: NVD
Description
Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag.
Affected (1)
Products: Sap: Disclosure Management
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.1 |
Related CWEs
CWE-1004
Sensitive Cookie Without 'HttpOnly' Flag
The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.
CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
References (4)
Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Timeline
No history available yet.