CVE-2020-26809

Name of the Vulnerable Software and Affected Versions SAP Commerce Cloud versions 1808, 1811, 1905, 2005

Description The issue allows an attacker to bypass existing authentication and permission checks via the "/medias" endpoint, gaining access to Secure Media folders. These folders could contain sensitive files, resulting in the disclosure of sensitive information and impacting system configuration confidentiality.

Recommendations For versions 1808, 1811, 1905, 2005, consider disabling access to the "/medias" endpoint as a temporary workaround until a patch is available. Restrict access to Secure Media folders to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.