Vulnerability Description
SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Commerce Cloud | 1808 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/163146/SAP-Hybris-eCommerce-Information-DisThird Party Advisory
- http://seclists.org/fulldisclosure/2021/Jun/27ExploitMailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/2975189Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571Vendor Advisory
- http://packetstormsecurity.com/files/163146/SAP-Hybris-eCommerce-Information-DisThird Party Advisory
- http://seclists.org/fulldisclosure/2021/Jun/27ExploitMailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/2975189Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571Vendor Advisory
FAQ
What is CVE-2020-26809?
CVE-2020-26809 is a vulnerability with a CVSS score of 5.3 (MEDIUM). SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. T...
How severe is CVE-2020-26809?
CVE-2020-26809 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-26809?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Commerce Cloud.