{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T02:24:21.404","vulnerabilities":[{"cve":{"id":"CVE-2020-6302","sourceIdentifier":"cna@sap.com","published":"2020-09-09T13:15:11.627","lastModified":"2024-11-21T05:35:28.123","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or man in the middle attack and subsequently get access to admin user accounts, leading to Session Fixation and complete compromise of the confidentiality, integrity and availability of the application."},{"lang":"es","value":"SAP Commerce versiones 6.7, 1808, 1811, 1905, 2005, contienen el ID de jSession en la URL backoffice cuando la aplicación es cargada inicialmente.&#xa0;Un atacante puede obtener este ID de sesión por medio de la navegación de hombro o un ataque de tipo man in the middle y, posteriormente, obtener acceso a las cuentas de usuario de administrador, conllevando a una Fijación de Sesión y al compromiso total de la confidencialidad, integridad y disponibilidad de la aplicación."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV30":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-384"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:commerce:6.7:*:*:*:*:*:*:*","matchCriteriaId":"20B6F0DE-3989-47FD-97F0-2F52245D57A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:commerce:1808:*:*:*:*:*:*:*","matchCriteriaId":"F352D085-2B1E-44A9-81C6-2E1F5C249AB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:commerce:1811:*:*:*:*:*:*:*","matchCriteriaId":"27A12336-30BA-439D-A3F2-B7D93D5B52DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:commerce:1905:*:*:*:*:*:*:*","matchCriteriaId":"F665F648-5C35-4EC8-8064-8ED139C8813C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:commerce:2005:*:*:*:*:*:*:*","matchCriteriaId":"C788164A-7724-4CB1-8ADC-B05ADE595020"}]}]}],"references":[{"url":"https://launchpad.support.sap.com/#/notes/2934451","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/2934451","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}