← Back

CVE-2020-26811

nvd nist
Published: Nov 10, 2020Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability.

Affected (4)

Sap
1 product
Commerce Cloud (accelerator Payment Mock)
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Commerce Cloud (accelerator Payment Mock)
Version 1808
Commerce Cloud (accelerator Payment Mock)
Version 1811
Commerce Cloud (accelerator Payment Mock)
Version 1905
Commerce Cloud (accelerator Payment Mock)
Version 2005

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (8)

Source: cna@sap.com
Third Party Advisory
Source: cna@sap.com
Mailing ListThird Party Advisory
Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.