CVE-2020-6232

Description

SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check. This affects confidentiality of secure media.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

SAP_SE / SAP Commerce< 1811 – < 1811
SAP_SE / SAP Commerce< 1905 – < 1905

References

MISChttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
MISChttps://launchpad.support.sap.com/#/notes/2888556