Vulnerability Description
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure.
CVSS Score
5.4
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Enable Now | < 1911 |
Related Weaknesses (CWE)
References
- https://launchpad.support.sap.com/#/notes/2880664Permissions Required
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305Vendor Advisory
- https://launchpad.support.sap.com/#/notes/2880664Permissions Required
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305Vendor Advisory
FAQ
What is CVE-2020-6178?
CVE-2020-6178 is a vulnerability with a CVSS score of 5.4 (MEDIUM). SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure.
How severe is CVE-2020-6178?
CVE-2020-6178 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-6178?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Enable Now.