Insufficient Session Expiration in SAP Disclosure Management 10.1
CVE-2020-6291 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration
Learn more about our Web Application Penetration Testing UK.