A note with CVSS 6.3 for component EPM-DSM-GEN was released by SAP on 14.07.2020. The correction/advisory 2758000 was described with "[CVE-2020-6267] Multiple vulnerabilities in SAP Disclosure Management" and affects the system type SAP Disclosure Management.
A workaround does not exist, according to SAP Security Advisory team. It is advisable to implement the correction as part of maintenance.
The vulnerability addressed is cross-site request forgery (xsrf) session fixation vulnerability insufficient security function within SAP Disclosure Management.
Risk specificationThis note addresses 5 security vulnerabilities in SAP Disclosure Management. Allowing unauthenticated attacker to carry out multiple attackes against the session management or perform a cross-site request forgery attack.
The 5 vulnerabilities in this note have been corrected.
The advisory is valid for