SapCVE-2022-41204CVE-2022-41204
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
60.5%
An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sap | commerce | 1905 | cpe:2.3:a:sap:commerce:1905:*:*:*:*:*:*:* |
| sap | commerce | 2005 | cpe:2.3:a:sap:commerce:2005:*:*:*:*:*:*:* |
| sap | commerce | 2011 | cpe:2.3:a:sap:commerce:2011:*:*:*:*:*:*:* |
| sap | commerce | 2105 | cpe:2.3:a:sap:commerce:2105:*:*:*:*:*:*:* |
| sap | commerce | 2205 | cpe:2.3:a:sap:commerce:2205:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "SAP SE",
"product": "SAP Commerce",
"versions": [
{
"version": "1905",
"status": "affected"
},
{
"version": "2005",
"status": "affected"
},
{
"version": "2105",
"status": "affected"
},
{
"version": "2011",
"status": "affected"
},
{
"version": "2205",
"status": "affected"
}
]
}
]References
Social References
More
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
60.5%