CVE-2020-26811 - SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 190 - CVEs Blog

SAP Commerce Cloud (Accelerator Payment Mock), versions – 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26811

Reference (s):

FULLDISC:20210614 Onapsis Security Advisory 2021-0006: [CVE-2020-26811] – SAP Hybris eCommerce – SSRF in acceleratorservices module
URL: http://seclists.org/fulldisclosure/2021/Jun/26
http://packetstormsecurity.com/files/163143/SAP-Hybris-eCommerce-Server-Side-Request-Forgery.html
https://launchpad.support.sap.com/#/notes/2975170
URL: https://launchpad.support.sap.com/#/notes/2975170

CVE-2020-26811 – SAP Commerce Cloud (Accelerator Payment Mock), versions – 1808, 1811, 190

Something Fresh

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-27216 - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 1

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

What People Reading

CVE-2020-11610 - An issue was discovered in xdLocalStorage through 2.0.5. The postData() f

CVE-2020-27199 - The Magic Home Pro application 1.5.1 for Android allows Authentication By

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2015-0320 - Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

Categories

Partners

Just add here your partners image or promo text