CVE-2020-6232

CWE-862Missing Authorization3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 51.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP CommerceSAP Commerce Cloud
Timeline
PublishedApr 14
Latest updateMay 24

Description

SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check. This affects confidentiality of secure media.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5sap_se/sap_commerce< 1811+1
NVDsap/commerce_cloud1811, 1905+1

🔴Vulnerability Details

2
GHSA
GHSA-g7xw-pf29-g7fm: SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check2022-05-24
CVEList
CVE-2020-6232: SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check2020-04-14
CVE-2020-6232 (MEDIUM CVSS 5.3) | SAP Commerce | cvebase.io