CVE-2020-6178

medium

Description

SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure.

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305

https://launchpad.support.sap.com/#/notes/2880664

Details

Source: Mitre, NVD

Published: 2020-03-10

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N