CVE-2020-26809

Summary

SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Commerce Cloud< 1808affected
SAP SESAP Commerce Cloud< 1811affected
SAP SESAP Commerce Cloud< 1905affected
SAP SESAP Commerce Cloud< 2005affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References