Authentication Bypass Vulnerability in SAP Commerce Cloud
CVE-2020-26809

5.3MEDIUM

Key Information:

Vendor

SAP
Status
SAP Commerce Cloud
Vendor
CVE Published:
10 November 2020

What is CVE-2020-26809?

SAP Commerce Cloud versions 1808, 1811, 1905, and 2005 have a significant vulnerability that enables attackers to circumvent established authentication and permission checks via the '/medias' endpoint. This breach allows unauthorized access to secure media folders, potentially exposing sensitive files that could disclose confidential information and jeopardize system configuration security.

Affected Version(s)

SAP Commerce Cloud < 1808 < 1808

SAP Commerce Cloud < 1811 < 1811

SAP Commerce Cloud < 1905 < 1905

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2975189
x_refsource_MISC
http://seclists.org/fulldisclosure/2021/Jun/27
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.