169 matches found
SAP Commerce Cloud Denial of Service Vulnerability
SAP Commerce Cloud is a cloud-native omnichannel commerce solution for B2B, B2C and B2B2C companies. A denial of service vulnerability exists in SAP Commerce Cloud 1808, 1811, 1905, 2005. An attacker could exploit this vulnerability by submitting a specially crafted request to a specific SAP...
SAP Commerce Cloud Information Disclosure Vulnerability
SAP Commerce Cloud is a cloud-native omnichannel commerce solution for B2B, B2C and B2B2C companies. An information disclosure vulnerability exists in SAP Commerce Cloud 1808, 1811, 1905, 2005. An attacker can bypass existing authentication and permission checks via the '/medias' endpoint, which...
SAP Commerce Cloud Server-Side Request Forgery Vulnerability
SAP Commerce Cloud is a cloud-native omnichannel commerce solution for B2B, B2C and B2B2C companies. A server-side request forgery vulnerability exists in SAP Commerce Cloud 1808, 1811, 1905, 2005. An attacker could exploit the vulnerability by submitting a specially crafted request to a specific...
CVE-2020-26810
SAP Commerce Cloud Accelerator Payment Mock, versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerc...
CVE-2020-26811
SAP Commerce Cloud Accelerator Payment Mock, versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Reque...
CVE-2020-26810
SAP Commerce Cloud Accelerator Payment Mock, versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerc...
CVE-2020-26809
SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and...
CVE-2020-26811
SAP Commerce Cloud Accelerator Payment Mock, versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Reque...
CVE-2020-26809
SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and...
Server side request forgery (ssrf)
SAP Commerce Cloud Accelerator Payment Mock, versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Reque...
Design/Logic Flaw
SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and...
CVE-2020-26810
SAP Commerce Cloud Accelerator Payment Mock, versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerc...
CVE-2020-26811
SAP Commerce Cloud Accelerator Payment Mock, versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Reque...
CVE-2020-26811
CVE-2020-26811 affects SAP Commerce Cloud (Accelerator Payment Mock) versions 1808, 1811, 1905, and 2005. The cited issue is a Server-Side Request Forgery (SSRF) where an unauthenticated attacker can submit a crafted request to a specific SAP Commerce module URL, which is processed without furthe...
CVE-2020-26809
SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and...
CVE-2020-26809
SAP Commerce Cloud (versions 1808, 1811, 1905, 2005) is affected by CVE-2020-26809 where an attacker can bypass authentication/permission checks via the /medias endpoint, gaining access to Secure Media folders and potentially exposing sensitive data. The root cause is not fully detailed beyond th...
SAP Commerce Cloud Cross-Site Scripting Vulnerability
SAP Commerce Cloud is a cloud-based e-commerce platform. A cross-site script execution vulnerability exists in SAP Commerce Cloud versions 1808, 1811, 1905, and 2005. The vulnerability stems from the program not properly encoding user input. An attacker could exploit this recording vulnerability ...
Unspecified Vulnerability in SAP Commerce Cloud
SAP Commerce Cloud is an e-commerce cloud platform from SAP Germany. The platform provides enterprise-level e-commerce business support. There is a security vulnerability in SAP Commerce Cloud and no details of the vulnerability are provided at this time...
CVE-2020-6363
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. These sessions are established after the user has authenticated with username/passphrase credentials. The user can change their own passphrase, but this does not invalidate...
CVE-2020-6272
SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited,...