PT-2020-16497 · SAP · SAP Commerce Cloud

Published: 2020-11-10 · Updated: 2020-11-23 · CVE-2020-26810

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SAP Commerce Cloud (Accelerator Payment Mock) versions 1808, 1811, 1905, 2005

Description

The issue allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL, which will be processed without further interaction. This crafted request can render the SAP Commerce service itself unavailable, leading to Denial of Service with no impact on confidentiality or integrity.

Recommendations

For versions 1808, 1811, 1905, 2005, consider restricting access to the SAP Commerce module URL to minimize the risk of exploitation. As a temporary workaround, consider disabling the vulnerable SAP Commerce module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2020-26810

Affected Products

SAP Commerce Cloud