Missing Authorization Check in SAP Commerce Allows Unauthorized Access to Secure Media

Missing Authorization Check in SAP Commerce Allows Unauthorized Access to Secure Media

CVE-2020-6232 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check. This affects confidentiality of secure media.

Learn more about our User Device Pen Test.