The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context of the application, he could get access to the session cookie. The session cookie could then be abused to gain access to the application.

Related CVEs

CVE-2019-0341

Key Information

GHSA ID

GHSA-3cjx-w9jj-45qv

Published

May 24, 2022 4:53 PM

Last Modified

May 24, 2022 4:53 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 27, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.