CVE-2020-26809

Description

SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

SAP_SE / SAP Commerce Cloud< 1808 – < 1808
SAP_SE / SAP Commerce Cloud< 1811 – < 1811
SAP_SE / SAP Commerce Cloud< 1905 – < 1905
SAP_SE / SAP Commerce Cloud< 2005 – < 2005

References

MISChttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
MISChttps://launchpad.support.sap.com/#/notes/2975189
MAILING_LISThttp://seclists.org/fulldisclosure/2021/Jun/27
EXPLOIThttp://packetstormsecurity.com/files/163146/SAP-Hybris-eCommerce-Information-Disclosure.html