CVE-2023-37486 Information Disclosure vulnerability in SAP Commerce (OCC API)

🗓️ 08 Aug 2023 00:56:51Reported by sapType

SAP Commerce Information Disclosure CVE-2023-37486

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the Omni Commerce Connect (OCC) application interface in the SAP Commerce Cloud and SAP Hybris Commerce e-commerce platforms allows a hacker to influence the confidentiality of protected information.	11 Aug 202300:00	–	bdu_fstec
Circl	CVE-2023-37486	8 Aug 202307:13	–	circl
CNNVD	SAP Commerce Information Disclosure Vulnerability	8 Aug 202300:00	–	cnnvd
CVE	CVE-2023-37486	8 Aug 202300:56	–	cve
EUVD	EUVD-2023-41373	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	9 Aug 202300:00	–	ncsc
NVD	CVE-2023-37486	8 Aug 202301:15	–	nvd
OSV	CVE-2023-37486	8 Aug 202301:15	–	osv
Prion	Design/Logic Flaw	8 Aug 202301:15	–	prion
Positive Technologies	PT-2023-4247 · Sap · Sap Hybris Commerce +1	7 Jun 202300:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Commerce (OCC API)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "HY_COM 2105"
      },
      {
        "status": "affected",
        "version": "HY_COM 2205"
      },
      {
        "status": "affected",
        "version": "COM_CLOUD 2211"
      }
    ]
  }
]

Source	Link
sap	www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
me	www.me.sap.com/notes/3341934

28 Sep 2024 22:04Current

7.5High risk

Vulners AI Score7.5

CVSS 3.15.9

EPSS0.00185

CWE-524