CVE-2020-26809
published 2020-11-10CVE-2020-26809: SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence…
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap_se | sap_commerce_cloud | < 1808 | 1808 |
| sap_se | sap_commerce_cloud | < 1811 | 1811 |
| sap_se | sap_commerce_cloud | < 1905 | 1905 |
| sap_se | sap_commerce_cloud | < 2005 | 2005 |