Sensitive Cookie Without 'HttpOnly' Flag
CVE-2020-6267
Summary
Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag.
- LOW
- NETWORK
- LOW
- UNCHANGED
- REQUIRED
- NONE
- LOW
- NONE
CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag
The software uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.
References
Advisory Timeline
- Published
