CVE-2020-6264

EUVD-2020-27414
SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
sapCNA
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
sapcommerce
6.7
𝑥
= Vulnerable software versions
References
https://launchpad.support.sap.com/#/notes/2906366
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775
https://launchpad.support.sap.com/#/notes/2906366
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775