Vulnerability Details CVE-2020-15243
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the file SmartStore.Web.Framework in the */bin* directory of the deployed shop with this file. As a workaround without updating uninstall the Web API plugin to close this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.8%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 7.5
References
Products affected by CVE-2020-15243
-
cpe:2.3:a:smartstore:smartstore:4.0.0
-
cpe:2.3:a:smartstore:smartstore:4.0.1