CVE-2020-6267
First published: Tue Jul 14 2020(Updated: )
Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Disclosure Management | =10.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue in SAP Disclosure Management version 10.1?
The vulnerability ID for this issue in SAP Disclosure Management version 10.1 is CVE-2020-6267.
What is the severity of CVE-2020-6267?
The severity of CVE-2020-6267 is medium with a CVSS score of 5.4.
What is the impact of CVE-2020-6267?
CVE-2020-6267 allows an attacker to access sensitive cookies without the HttpOnly flag.
How can I fix the vulnerability in SAP Disclosure Management version 10.1?
To fix the vulnerability, update SAP Disclosure Management to version 10.1 or higher and ensure that all sensitive cookies have the HttpOnly flag set.
Where can I find more information about CVE-2020-6267?
You can find more information about CVE-2020-6267 in the SAP Note 2758000 and the SAP Community Network wiki.
- collector/nvd-index
- agent/type
- agent/references
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/sap
- canonical/sap disclosure management
- version/sap disclosure management/10.1