SAP Commerce Cloud: Authentication Bypass and Secure Media Folder Disclosure Vulnerability

SAP Commerce Cloud: Authentication Bypass and Secure Media Folder Disclosure Vulnerability

CVE-2020-26809 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality.

Learn more about our Cloud Audit.