1902

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

sap

CWE-613

NVD

Published: 2020-03-10

Updated: 2020-03-12

Summary

SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download the portables.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Enable NOW - SAP Enable NOW 10 SAP Enable NOW 1902	3

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305
https://launchpad.support.sap.com/#/notes/2845363