CVE-2020-6302

SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or man in the middle attack and subsequently get access to admin user accounts, leading to Session Fixation and complete compromise of the confidentiality, integrity and availability of the application.

CVSS v3 8.1 HIGH
CVSS v2.0 7.5 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://launchpad.support.sap.com/#/notes/2934451	Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700	Vendor Advisory
https://launchpad.support.sap.com/#/notes/2934451	Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:commerce:6.7:::::::*
	cpe:2.3:a:sap:commerce:1808:::::::*
	cpe:2.3:a:sap:commerce:1811:::::::*
	cpe:2.3:a:sap:commerce:1905:::::::*
	cpe:2.3:a:sap:commerce:2005:::::::*

History

21 Nov 2024, 05:35

Type	Values Removed	Values Added
References	~~() https://launchpad.support.sap.com/#/notes/2934451 - Permissions Required~~	() https://launchpad.support.sap.com/#/notes/2934451 - Permissions Required
References	~~() https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 - Vendor Advisory~~	() https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 - Vendor Advisory

Information

Published : 2020-09-09 13:15

Updated : 2024-11-21 05:35

NVD link : CVE-2020-6302

Mitre link : CVE-2020-6302

CVE.ORG link : CVE-2020-6302

JSON object : View

Products Affected

sap

commerce

CWE

CWE-384

Session Fixation

NVD-CWE-noinfo

{"id": "CVE-2020-6302", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2020-09-09T13:15:11.627", "references": [{"url": "https://launchpad.support.sap.com/#/notes/2934451", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://launchpad.support.sap.com/#/notes/2934451", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-384"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or man in the middle attack and subsequently get access to admin user accounts, leading to Session Fixation and complete compromise of the confidentiality, integrity and availability of the application."}, {"lang": "es", "value": "SAP Commerce versiones 6.7, 1808, 1811, 1905, 2005, contienen el ID de jSession en la URL backoffice cuando la aplicaci\u00f3n es cargada inicialmente. Un atacante puede obtener este ID de sesi\u00f3n por medio de la navegaci\u00f3n de hombro o un ataque de tipo man in the middle y, posteriormente, obtener acceso a las cuentas de usuario de administrador, conllevando a una Fijaci\u00f3n de Sesi\u00f3n y al compromiso total de la confidencialidad, integridad y disponibilidad de la aplicaci\u00f3n."}], "lastModified": "2024-11-21T05:35:28.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:commerce:6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20B6F0DE-3989-47FD-97F0-2F52245D57A1"}, {"criteria": "cpe:2.3:a:sap:commerce:1808:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F352D085-2B1E-44A9-81C6-2E1F5C249AB4"}, {"criteria": "cpe:2.3:a:sap:commerce:1811:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27A12336-30BA-439D-A3F2-B7D93D5B52DC"}, {"criteria": "cpe:2.3:a:sap:commerce:1905:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F665F648-5C35-4EC8-8064-8ED139C8813C"}, {"criteria": "cpe:2.3:a:sap:commerce:2005:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C788164A-7724-4CB1-8ADC-B05ADE595020"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}