Vulnerabilities > CVE-2020-6197 - Insufficient Session Expiration vulnerability in SAP Enable NOW 1902

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
sap
CWE-613

Summary

SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download the portables.

Vulnerable Configurations

Part Description Count
Application
Sap
2

Common Weakness Enumeration (CWE)