5.3

CVE-2020-26809

Exploit
SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAPCommerce Cloud Version1808
SAPCommerce Cloud Version1811
SAPCommerce Cloud Version1905
SAPCommerce Cloud Version2005
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.494
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
cna@sap.com 5.3 3.9 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

http://seclists.org/fulldisclosure/2021/Jun/27
Third Party Advisory
Exploit
Mailing List
https://launchpad.support.sap.com/#/notes/2975189
Vendor Advisory
Permissions Required