Required CVE Record Information
Description
SAP Commerce Cloud, versions 1808, 1811, 1905 and 2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint, thereby gaining access to Secure Media folders. These folders could contain sensitive files, so the bypass results in disclosure of sensitive information and impacts system configuration confidentiality.
CVSS 1 Total
Score | Severity | Version | Vector String |
---|---|---|---|
5.3 | MEDIUM | 3.0 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
References 4 Total
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
- https://launchpad.support.sap.com/#/notes/2975189
- seclists.org: 20210614 Onapsis Security Advisory 2021-0007: Exposure of Sensitive Information to an Unauthorized Actor mailing-list
- http://packetstormsecurity.com/files/163146/SAP-Hybris-eCommerce-Information-Disclosure.html
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 x_transferred
- https://launchpad.support.sap.com/#/notes/2975189 x_transferred
- seclists.org: 20210614 Onapsis Security Advisory 2021-0007: Exposure of Sensitive Information to an Unauthorized Actor mailing-list x_transferred
- http://packetstormsecurity.com/files/163146/SAP-Hybris-eCommerce-Information-Disclosure.html x_transferred