CVE-2020-26809

Sažetak

SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality.

Reference

https://launchpad.support.sap.com/#/notes/2975189
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
http://seclists.org/fulldisclosure/2021/Jun/27
http://packetstormsecurity.com/files/163146/SAP-Hybris-eCommerce-Information-Disclosure.html

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

17-06-2021 - 17:21

Objavljeno

10-11-2020 - 17:15