Vulnerabilities > SAP > Commerce > 6.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-09 | CVE-2020-6302 | Unspecified vulnerability in SAP Commerce SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. | 8.1 |
| 2020-06-10 | CVE-2020-6264 | Unspecified vulnerability in SAP Commerce SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure. | 7.5 |
| 2020-06-09 | CVE-2020-6265 | Use of Hard-coded Credentials vulnerability in SAP Commerce and Commerce Data HUB SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials. | 9.8 |