CVE-2020-6302
CVE-2020-6302 affects SAP Commerce versions 6.7, 1808, 1811, 1905 and 2005. The backoffice URL exposes the jSession ID on initial load, enabling session fixation with potential access to admin accounts and full compromise of confidentiality, integrity, and availability. Red Hat notes the same CVE...