Lucene search
+L

169 matches found

cnvd
cnvd
added 2020/11/11 12:0 a.m.1 views

SAP Commerce Cloud Denial of Service Vulnerability

SAP Commerce Cloud is a cloud-native omnichannel commerce solution for B2B, B2C and B2B2C companies. A denial of service vulnerability exists in SAP Commerce Cloud 1808, 1811, 1905, 2005. An attacker could exploit this vulnerability by submitting a specially crafted request to a specific SAP...

7.5CVSS6.7AI score0.0112EPSS
Exploits0References1
cnvd
cnvd
added 2020/11/11 12:0 a.m.2 views

SAP Commerce Cloud Information Disclosure Vulnerability

SAP Commerce Cloud is a cloud-native omnichannel commerce solution for B2B, B2C and B2B2C companies. An information disclosure vulnerability exists in SAP Commerce Cloud 1808, 1811, 1905, 2005. An attacker can bypass existing authentication and permission checks via the '/medias' endpoint, which...

5.3CVSS6.4AI score0.02045EPSS
Exploits1References1
cnvd
cnvd
added 2020/11/11 12:0 a.m.2 views

SAP Commerce Cloud Server-Side Request Forgery Vulnerability

SAP Commerce Cloud is a cloud-native omnichannel commerce solution for B2B, B2C and B2B2C companies. A server-side request forgery vulnerability exists in SAP Commerce Cloud 1808, 1811, 1905, 2005. An attacker could exploit the vulnerability by submitting a specially crafted request to a specific...

5.3CVSS6.6AI score0.01756EPSS
Exploits0References1
osv
osv
added 2020/11/10 5:15 p.m.3 views

CVE-2020-26810

SAP Commerce Cloud Accelerator Payment Mock, versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerc...

7.5CVSS7.1AI score0.0112EPSS
Exploits0References2
nvd
nvd
added 2020/11/10 5:15 p.m.17 views

CVE-2020-26811

SAP Commerce Cloud Accelerator Payment Mock, versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Reque...

5.3CVSS5.2AI score0.01756EPSS
Exploits0References4
nvd
nvd
added 2020/11/10 5:15 p.m.12 views

CVE-2020-26810

SAP Commerce Cloud Accelerator Payment Mock, versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerc...

7.5CVSS7.5AI score0.0112EPSS
Exploits0References2
nvd
nvd
added 2020/11/10 5:15 p.m.41 views

CVE-2020-26809

SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and...

5.3CVSS5.2AI score0.02045EPSS
Exploits1References4
osv
osv
added 2020/11/10 5:15 p.m.3 views

CVE-2020-26811

SAP Commerce Cloud Accelerator Payment Mock, versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Reque...

5.3CVSS5.7AI score0.01756EPSS
Exploits0References4
osv
osv
added 2020/11/10 5:15 p.m.4 views

CVE-2020-26809

SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and...

5.3CVSS6.1AI score0.02045EPSS
Exploits1References4
prion
prion
added 2020/11/10 5:15 p.m.16 views

Server side request forgery (ssrf)

SAP Commerce Cloud Accelerator Payment Mock, versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Reque...

5CVSS5.3AI score0.01756EPSS
Exploits0References4Affected Software1
prion
prion
added 2020/11/10 5:15 p.m.23 views

Design/Logic Flaw

SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and...

5CVSS5.3AI score0.02045EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2020/11/10 4:20 p.m.17 views

CVE-2020-26810

SAP Commerce Cloud Accelerator Payment Mock, versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerc...

7.5CVSS7.5AI score0.0112EPSS
Exploits0References2
cvelist
cvelist
added 2020/11/10 4:12 p.m.18 views

CVE-2020-26811

SAP Commerce Cloud Accelerator Payment Mock, versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Reque...

5.3CVSS5.3AI score0.01756EPSS
Exploits0References4
cve
cve
added 2020/11/10 4:12 p.m.40 views

CVE-2020-26811

CVE-2020-26811 affects SAP Commerce Cloud (Accelerator Payment Mock) versions 1808, 1811, 1905, and 2005. The cited issue is a Server-Side Request Forgery (SSRF) where an unauthenticated attacker can submit a crafted request to a specific SAP Commerce module URL, which is processed without furthe...

5.3CVSS5.2AI score0.01756EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2020/11/10 4:10 p.m.29 views

CVE-2020-26809

SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and...

5.3CVSS5.3AI score0.02045EPSS
Exploits1References4
cve
cve
added 2020/11/10 4:10 p.m.61 views

CVE-2020-26809

SAP Commerce Cloud (versions 1808, 1811, 1905, 2005) is affected by CVE-2020-26809 where an attacker can bypass authentication/permission checks via the /medias endpoint, gaining access to Secure Media folders and potentially exposing sensitive data. The root cause is not fully detailed beyond th...

5.3CVSS5.2AI score0.02045EPSS
Exploits1References4Affected Software1
cnvd
cnvd
added 2020/10/21 12:0 a.m.1 views

SAP Commerce Cloud Cross-Site Scripting Vulnerability

SAP Commerce Cloud is a cloud-based e-commerce platform. A cross-site script execution vulnerability exists in SAP Commerce Cloud versions 1808, 1811, 1905, and 2005. The vulnerability stems from the program not properly encoding user input. An attacker could exploit this recording vulnerability ...

5.4CVSS6.8AI score0.00536EPSS
Exploits0References1
cnvd
cnvd
added 2020/10/21 12:0 a.m.4 views

Unspecified Vulnerability in SAP Commerce Cloud

SAP Commerce Cloud is an e-commerce cloud platform from SAP Germany. The platform provides enterprise-level e-commerce business support. There is a security vulnerability in SAP Commerce Cloud and no details of the vulnerability are provided at this time...

4.9CVSS6.8AI score0.0053EPSS
Exploits0References1
osv
osv
added 2020/10/15 2:15 a.m.3 views

CVE-2020-6363

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. These sessions are established after the user has authenticated with username/passphrase credentials. The user can change their own passphrase, but this does not invalidate...

4.6CVSS6.7AI score0.0053EPSS
Exploits0References2
osv
osv
added 2020/10/15 2:15 a.m.6 views

CVE-2020-6272

SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited,...

5.4CVSS6.3AI score0.00536EPSS
Exploits0References2
Rows per page
Query Builder