CVE-2020-6232

SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check. This affects confidentiality of secure media.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
sapCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/2888556
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
https://launchpad.support.sap.com/#/notes/2888556
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202