CVE-2020-6232

EUVD-2020-27382
SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check. This affects confidentiality of secure media.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
sapCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/2888556
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
https://launchpad.support.sap.com/#/notes/2888556
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202