Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-6287
PUBLISHED: 2020-07-14

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions 7.30, 7.31, 7.40, 7.50, does not perform an authentication check, which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create a…

CVE-2020-6289
PUBLISHED: 2020-07-14

SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick a user into browsing a malicious site.

CVE-2020-6290
PUBLISHED: 2020-07-14

SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID.

CVE-2020-6291
PUBLISHED: 2020-07-14

SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set and therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration.

CVE-2020-6292
PUBLISHED: 2020-07-14

Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration.
