CVE-2020-26811

5.3MEDIUM

Key Information:

Vendor
SAP
Status
SAP Commerce Cloud (accelerator Payment Mock)
Vendor
CVE Published:
10 November 2020

Summary

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability.

Affected Version(s)

SAP Commerce Cloud (Accelerator Payment Mock) < 1808 < 1808

SAP Commerce Cloud (Accelerator Payment Mock) < 1811 < 1811

SAP Commerce Cloud (Accelerator Payment Mock) < 1905 < 1905

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2975170
x_refsource_MISC
http://seclists.org/fulldisclosure/2021/Jun/26
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.