CVE-2020-26810
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerce service itself unavailable leading to Denial of Service with no impact on confidentiality or integrity.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Commerce Cloud (Accelerator Payment Mock) | < 1808 | affected |
| SAP SE | SAP Commerce Cloud (Accelerator Payment Mock) | < 1811 | affected |
| SAP SE | SAP Commerce Cloud (Accelerator Payment Mock) | < 1905 | affected |
| SAP SE | SAP Commerce Cloud (Accelerator Payment Mock) | < 2005 | affected |
Weaknesses
- Denial of Service
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
- https://launchpad.support.sap.com/#/notes/2975170
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
- https://launchpad.support.sap.com/#/notes/2975170
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.