CVE-2020-26810
HIGHSAP Commerce Cloud (Accelerator Payment Mock) 1808/1811/1905/2005 - DoS via Crafted Request
Title source: llmDescription
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerce service itself unavailable leading to Denial of Service with no impact on confidentiality or integrity.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2975170
Scores
CVSS v3
7.5
EPSS
0.0118
EPSS Percentile
79.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (4)
sap/commerce_cloud_\(accelerator_payment_mock\)
1808
sap/commerce_cloud_\(accelerator_payment_mock\)
1811
sap/commerce_cloud_\(accelerator_payment_mock\)
1905
sap/commerce_cloud_\(accelerator_payment_mock\)
2005
Published
Nov 10, 2020
Tracked Since
Feb 18, 2026