CVE-2020-6291 Information

Description

SAP Disclosure Management version 10.1 session mechanism does not have expiration data set therefore allows unlimited access after authenticating once leading to Insufficient Session Expiration

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://launchpad.support.sap.com//notes/2758000 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8