How severe is CVE-2020-6302?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2020-6302?

This is classified as CWE-384, which is a common weakness in software security.

CVE-2020-6302 - MEDIUM Severity | CVSS 6.4

Vulnerability Description

SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or man in the middle attack and subsequently get access to admin user accounts, leading to Session Fixation and complete compromise of the confidentiality, integrity and availability of the application.

Related Vulnerabilities

CVE-2022-3269

MEDIUM

CVSS:6.4(Medium)

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7.

CWE-3842022

CVE-2024-42171

MEDIUM

CVSS:6.4(Medium)

HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session.

CWE-3842024

CVE-2010-3671

MEDIUM

CVSS:6.5(Medium)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.

CWE-3842010

CVE-2017-1368

MEDIUM

CVSS:6.5(Medium)

IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by s...

CWE-3842017

CVE-2018-0229

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive...

CWE-3842018

CVE-2018-1000519

MEDIUM

CVSS:6.5(Medium)

aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage...

CWE-3842018