Server side request forgery (ssrf)

2020-11-1017:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.3%

JSON

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability.

CPENameOperatorVersion
commerce_cloud_\\(accelerator_payment_mock\\)eq1808
commerce_cloud_\\(accelerator_payment_mock\\)eq1811
commerce_cloud_\\(accelerator_payment_mock\\)eq1905
commerce_cloud_\\(accelerator_payment_mock\\)eq2005

Name	Operator	Version
commerce_cloud_\\(accelerator_payment_mock\\)	eq	1808
commerce_cloud_\\(accelerator_payment_mock\\)	eq	1811
commerce_cloud_\\(accelerator_payment_mock\\)	eq	1905
commerce_cloud_\\(accelerator_payment_mock\\)	eq	2005