Vulnerability CVE-2020-26809
Published: 2020-11-10

Description:
SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
SAP Hybris eCommerce Information Disclosure
Gaston Traberg
15.06.2021

Type:

CWE-200

 (Information Exposure)

 References:
https://launchpad.support.sap.com/#/notes/2975189
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
Copyright 2024, cxsecurity.com

 

Back to Top