CVE-2020-6267

Medium

Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only…

sap·CWE-1004·Published 2020-07-14

CVSS

5.4

EPSS

0.01

KEV

Exploits

cve.orgen

145 chars

Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag.

NVDen

145 chars

Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag.

NVDes

168 chars

Algunas cookies confidenciales en SAP Disclosure Management, versión 10.1, están careciendo de flag HttpOnly, conllevando a cookies confidenciales sin el flag Http Only

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N
3.0	Primary	cve.org	6.3	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L