CVE-2020-6265

Published Jun 9, 2020

Last updated 3 months ago

CVSS critical 9.8

Overview

Description: SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials.
Source: cna@sap.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 3.0

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

cna@sap.com: CWE-798
nvd@nist.gov: CWE-798

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:commerce:6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20B6F0DE-3989-47FD-97F0-2F52245D57A1"
          },
          {
            "criteria": "cpe:2.3:a:sap:commerce:1808:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F352D085-2B1E-44A9-81C6-2E1F5C249AB4"
          },
          {
            "criteria": "cpe:2.3:a:sap:commerce:1811:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27A12336-30BA-439D-A3F2-B7D93D5B52DC"
          },
          {
            "criteria": "cpe:2.3:a:sap:commerce:1905:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F665F648-5C35-4EC8-8064-8ED139C8813C"
          },
          {
            "criteria": "cpe:2.3:a:sap:commerce_data_hub:6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99ACEB84-0AEB-438D-93BB-4CE4CC5047DF"
          },
          {
            "criteria": "cpe:2.3:a:sap:commerce_data_hub:1808:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7595660F-77F1-4512-B9C9-596F513E8DFC"
          },
          {
            "criteria": "cpe:2.3:a:sap:commerce_data_hub:1811:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "623BF378-FA6E-4110-818A-B4E69F3071B7"
          },
          {
            "criteria": "cpe:2.3:a:sap:commerce_data_hub:1905:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F7D9F96-93D8-42EE-83B4-0B2AB8800923"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References