First published: Tue Mar 10 2020(Updated: )
SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download the portables.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP Enable Now | <1908 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-6197.
The title of this vulnerability is 'SAP Enable Now before version 1908 does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download the portables.'
The severity of CVE-2020-6197 is low, with a severity value of 3.3.
SAP Enable Now versions before 1908 are affected by CVE-2020-6197.
The vulnerability can be exploited by attackers with local access who can still download the portables.
It is recommended to update to version 1908 or later of SAP Enable Now to fix CVE-2020-6197.