CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6267
https://notcve.org/view.php?id=CVE-2020-6267
Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag. Algunas cookies confidenciales en SAP Disclosure Management, versión 10.1, están careciendo de flag HttpOnly, conllevando a cookies confidenciales sin el flag Http Only • https://launchpad.support.sap.com/#/notes/2758000 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675 • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6292
https://notcve.org/view.php?id=CVE-2020-6292
Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration. Un mecanismo de Cierre de Sesión en SAP Disclosure Management, versión 10.1, no invalida una de las sesión de cookies, conllevando a una Insuficiente Expiración de Sesión • https://launchpad.support.sap.com/#/notes/2758000 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675 • CWE-613: Insufficient Session Expiration •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6209
https://notcve.org/view.php?id=CVE-2020-6209
SAP Disclosure Management, version 10.1, does not perform necessary authorization checks for an authenticated user, allowing access to administration accounts by a user with no roles, leading to Missing Authorization Check. SAP Disclosure Management, versión 10.1, no realiza las comprobaciones de autorización necesarias para un usuario autenticado, permitiendo el acceso a las cuentas de administración por parte de un usuario sin roles, conllevando a una Falta de Comprobación de Autorización. • https://launchpad.support.sap.com/#/notes/2858044 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6303
https://notcve.org/view.php?id=CVE-2020-6303
SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting. SAP Disclosure Management, versiones anteriores a 10.1, no comprueba la entrada del usuario apropiadamente en casos de uso específicos conllevando a una vulnerabilidad de tipo Cross-Site Scripting. • https://launchpad.support.sap.com/#/notes/2772325 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-0254
https://notcve.org/view.php?id=CVE-2019-0254
SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP Disclosure Management (en versiones anteriores a la 10.1 Stack 1301) no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/107004 https://launchpad.support.sap.com/#/notes/2706798 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •