Note: This project will be discontinued after December 13, 2021.
Product: Disclosure_management (Sap)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 16 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-01-14 | CVE-2020-6303 | SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting. | Disclosure_management | 5.4 | ||
2020-03-10 | CVE-2020-6209 | SAP Disclosure Management, version 10.1, does not perform necessary authorization checks for an authenticated user, allowing access to administration accounts by a user with no roles, leading to Missing Authorization Check. | Disclosure_management | 7.5 | ||
2020-07-14 | CVE-2020-6267 | Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag. | Disclosure_management | 5.4 | ||
2020-07-14 | CVE-2020-6289 | SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick user into browsing malicious site. | Disclosure_management | 8.8 | ||
2020-07-14 | CVE-2020-6290 | SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID. | Disclosure_management | 6.3 | ||
2020-07-14 | CVE-2020-6291 | SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration. | Disclosure_management | 8.8 | ||