Insecure Session Management in SAP Enable Now Allows Unauthorized Account Access

Insecure Session Management in SAP Enable Now Allows Unauthorized Account Access

CVE-2022-35293 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application.

Learn more about our User Device Pen Test.