Commerce Cloud@2005 Security Vulnerabilities and Issues — Commerce Cloud@2005 CVE List

Lucene search

SapCommerce Cloud2005

3 matches found

CVE•added 2020/10/15 2:15 a.m.•67 views

CVE-2020-6272

SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited, result...

5.4CVSS5.2AI score0.00162EPSS

CVE•added 2020/10/15 2:15 a.m.•61 views

CVE-2020-6363

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. These sessions are established after the user has authenticated with username/passphrase credentials. The user can change their own passphrase, but this does not invalidate ac...

4.9CVSS4.6AI score0.0021EPSS

CVE•added 2020/11/10 5:15 p.m.•47 views

CVE-2020-26809

SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and im...

5.3CVSS5.2AI score0.00262EPSS