CVE-2020-26811

Опубликовано: 10 нояб. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability.

Ссылки

http://packetstormsecurity.com/files/163143/SAP-Hybris-eCommerce-Server-Side-Request-Forgery.html
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Jun/26
Mailing List
Third Party Advisory
https://launchpad.support.sap.com/#/notes/2975170
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
Vendor Advisory
http://packetstormsecurity.com/files/163143/SAP-Hybris-eCommerce-Server-Side-Request-Forgery.html
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Jun/26
Mailing List
Third Party Advisory
https://launchpad.support.sap.com/#/notes/2975170
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:commerce_cloud_\(accelerator_payment_mock\):1808:*:*:*:*:*:*:*

cpe:2.3:a:sap:commerce_cloud_\(accelerator_payment_mock\):1811:*:*:*:*:*:*:*

cpe:2.3:a:sap:commerce_cloud_\(accelerator_payment_mock\):1905:*:*:*:*:*:*:*

cpe:2.3:a:sap:commerce_cloud_\(accelerator_payment_mock\):2005:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00805

Низкий

5.3 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-4wqv-6439-qqq3

github

больше 3 лет назад

EPSS

Процентиль: 74%

0.00805

Низкий

5.3 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-918