Vulnerability Details CVE-2020-6363
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. These sessions are established after the user has authenticated with username/passphrase credentials. The user can change their own passphrase, but this does not invalidate active sessions that the user may have with SAP Commerce Cloud web applications, which gives an attacker the opportunity to reuse old session credentials, resulting in Insufficient Session Expiration.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.7%
CVSS Severity
CVSS v3 Score 4.6
CVSS v2 Score 4.9
References
Products affected by CVE-2020-6363
-
cpe:2.3:a:sap:commerce_cloud:1808
-
cpe:2.3:a:sap:commerce_cloud:1811
-
cpe:2.3:a:sap:commerce_cloud:1905
-
cpe:2.3:a:sap:commerce_cloud:2005