cnvd - cnvd-2020-62472

CNVD-2020-62472

Vulnerability from cnvd - Published: 2020-11-12

Title

SAP Commerce Cloud服务器端请求伪造漏洞

Description

SAP Commerce Cloud是面向B2B、B2C和B2B2C公司的云原生全渠道商务解决方案。 SAP Commerce Cloud 1808、1811、1905、2005存在服务器端请求伪造漏洞。攻击者可通过向特定的SAP Commerce模块URL提交特制请求利用该漏洞检索有关服务的有限信息。

Severity

中

Patch Name

SAP Commerce Cloud服务器端请求伪造漏洞的补丁

Patch Description

SAP Commerce Cloud是面向B2B、B2C和B2B2C公司的云原生全渠道商务解决方案。 SAP Commerce Cloud 1808、1811、1905、2005存在服务器端请求伪造漏洞。攻击者可通过向特定的SAP Commerce模块URL提交特制请求利用该漏洞检索有关服务的有限信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-26811

Impacted products

Name
['SAP SAP Commerce Cloud 1808', 'SAP SAP Commerce Cloud 1811', 'SAP SAP Commerce Cloud 1905', 'SAP SAP Commerce Cloud 2005']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-26811",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-26811"
    }
  },
  "description": "SAP Commerce Cloud\u662f\u9762\u5411B2B\u3001B2C\u548cB2B2C\u516c\u53f8\u7684\u4e91\u539f\u751f\u5168\u6e20\u9053\u5546\u52a1\u89e3\u51b3\u65b9\u6848\u3002\n\nSAP Commerce Cloud 1808\u30011811\u30011905\u30012005\u5b58\u5728\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u7279\u5b9a\u7684SAP Commerce\u6a21\u5757URL\u63d0\u4ea4\u7279\u5236\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u68c0\u7d22\u6709\u5173\u670d\u52a1\u7684\u6709\u9650\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-62472",
  "openTime": "2020-11-12",
  "patchDescription": "SAP Commerce Cloud\u662f\u9762\u5411B2B\u3001B2C\u548cB2B2C\u516c\u53f8\u7684\u4e91\u539f\u751f\u5168\u6e20\u9053\u5546\u52a1\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nSAP Commerce Cloud 1808\u30011811\u30011905\u30012005\u5b58\u5728\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u7279\u5b9a\u7684SAP Commerce\u6a21\u5757URL\u63d0\u4ea4\u7279\u5236\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u68c0\u7d22\u6709\u5173\u670d\u52a1\u7684\u6709\u9650\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP Commerce Cloud\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP SAP Commerce Cloud 1808",
      "SAP SAP Commerce Cloud 1811",
      "SAP SAP Commerce Cloud 1905",
      "SAP SAP Commerce Cloud 2005"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-26811",
  "serverity": "\u4e2d",
  "submitTime": "2020-11-11",
  "title": "SAP Commerce Cloud\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2020-26811 (GCVE-0-2020-26811)

Vulnerability from cvelistv5 – Published: 2020-11-10 16:12 – Updated: 2024-08-04 16:03

Summary

SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

Server-Side Request Forgery

Assigner

sap

References

URL

Tags

	https://wiki.scn.sap.com/wiki/pages/viewpage.acti…	x_refsource_MISC
	https://launchpad.support.sap.com/#/notes/2975170	x_refsource_MISC
	http://seclists.org/fulldisclosure/2021/Jun/26	mailing-listx_refsource_FULLDISC
	http://packetstormsecurity.com/files/163143/SAP-H…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	SAP SE	SAP Commerce Cloud (Accelerator Payment Mock)	Affected: < 1808 Affected: < 1811 Affected: < 1905 Affected: < 2005

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:03:22.453Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2975170"
          },
          {
            "name": "20210614 Onapsis Security Advisory 2021-0006: [CVE-2020-26811] - SAP Hybris eCommerce - SSRF in acceleratorservices module",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Jun/26"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/163143/SAP-Hybris-eCommerce-Server-Side-Request-Forgery.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP Commerce Cloud (Accelerator Payment Mock)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1808"
            },
            {
              "status": "affected",
              "version": "\u003c 1811"
            },
            {
              "status": "affected",
              "version": "\u003c 1905"
            },
            {
              "status": "affected",
              "version": "\u003c 2005"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Server-Side Request Forgery",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-15T20:06:45",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2975170"
        },
        {
          "name": "20210614 Onapsis Security Advisory 2021-0006: [CVE-2020-26811] - SAP Hybris eCommerce - SSRF in acceleratorservices module",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Jun/26"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/163143/SAP-Hybris-eCommerce-Server-Side-Request-Forgery.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2020-26811",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP Commerce Cloud (Accelerator Payment Mock)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "1808"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "1811"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "1905"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "2005"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571",
              "refsource": "MISC",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2975170",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2975170"
            },
            {
              "name": "20210614 Onapsis Security Advisory 2021-0006: [CVE-2020-26811] - SAP Hybris eCommerce - SSRF in acceleratorservices module",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Jun/26"
            },
            {
              "name": "http://packetstormsecurity.com/files/163143/SAP-Hybris-eCommerce-Server-Side-Request-Forgery.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/163143/SAP-Hybris-eCommerce-Server-Side-Request-Forgery.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2020-26811",
    "datePublished": "2020-11-10T16:12:03",
    "dateReserved": "2020-10-07T00:00:00",
    "dateUpdated": "2024-08-04T16:03:22.453Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-62472

CVE-2020-26811 (GCVE-0-2020-26811)

Tags

Sightings

Nomenclature