VYPR
Unrated severityNVD Advisory· Published Mar 10, 2020· Updated Aug 4, 2024

CVE-2020-6178

CVE-2020-6178

Description

SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure.

Affected products

2
  • SAP/Enable Nowllm-fuzzy
    Range: < 1911
  • SAP SE/SAP Enable Nowv5
    Range: < before version 1911

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.