CVE-2020-6232

Опубликовано: 14 апр. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check. This affects confidentiality of secure media.

Ссылки

https://launchpad.support.sap.com/#/notes/2888556
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2888556
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:*

cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00248

Низкий

5.3 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-g7xw-pf29-g7fm

github

больше 3 лет назад

SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check. This affects confidentiality of secure media.

EPSS

Процентиль: 48%

0.00248

Низкий

5.3 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-862