Insufficient Session Expiration in SAP Disclosure Management 10.1

Insufficient Session Expiration in SAP Disclosure Management 10.1

CVE-2020-6291 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration

Learn more about our Web Application Penetration Testing UK.