PT-2020-16498 · SAP · SAP Commerce Cloud
Gaston Traberg · Published 2020-11-10 · Updated 2021-06-17
CVE-2020-26811
CVSS v3.1: 5.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SAP Commerce Cloud (Accelerator Payment Mock) versions 1808, 1811, 1905, 2005
Description
The issue allows an unauthenticated attacker to submit a crafted request over the network to a particular SAP Commerce module URL, which is processed without any user interaction. This results in a Server-Side Request Forgery (SSRF) attack, potentially allowing the retrieval of limited pieces of information about the service, with no impact on integrity or availability.
Recommendations
For versions 1808, 1811, 1905, 2005, consider disabling the vulnerable module until a patch is available.
Restrict access to the SAP Commerce module URL to minimize the risk of exploitation.
Avoid using the vulnerable SAP Commerce module until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
SSRF
Related Identifiers
CVE-2020-26811
Affected Products
SAP Commerce Cloud