Lucene search

SapCVELIST:CVE-2023-37486

HistoryAug 08, 2023 - 12:56 a.m.

CVE-2023-37486 Information Disclosure vulnerability in SAP Commerce (OCC API)

2023-08-0800:56:51

CWE-200

sap

www.cve.org

sap commerce

information disclosure

vulnerability

cve-2023-37486

occ api

confidentiality

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.4%

JSON

Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact on integrity and availability of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Commerce (OCC API)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "HY_COM 2105"
      },
      {
        "status": "affected",
        "version": "HY_COM 2205"
      },
      {
        "status": "affected",
        "version": "COM_CLOUD 2211"
      }
    ]
  }
]

References

me.sap.com/notes/3341934

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.4%

JSON

Related for CVELIST:CVE-2023-37486