SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SAP SE | SAP Commerce Cloud | affected |
|
Configuration 1 [-]
|
No data.
No data.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2020-19345 | SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: sap
Published:
Updated: 2024-08-04T16:03:22.462Z
Reserved: 2020-10-07T00:00:00.000Z
Link: CVE-2020-26809
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-11-10T17:15:13.437
Modified: 2024-11-21T05:20:19.500
Link: CVE-2020-26809
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses