NVD:CVE-2024-41733
Aug 13, 2024 - 4:15 a.m.

CVE-2024-41733

2024-08-13 04:15:08
CWE-200
web.nvd.nist.gov
sap commerce
valid user accounts
customer registration
login processes
potential attacker
confidentiality
integrity
availability

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.001
Percentile: 17.7%

In SAP Commerce, valid user accounts can be
identified during the customer registration and login processes. This allows a
potential attacker to learn if a given e-mail is used for an account, but does
not grant access to any customer data beyond this knowledge. The attacker must
already know the e-mail that they wish to test for. The impact on
confidentiality therefore is low and no impact to integrity or availability

Affected configurations

Nvd

Node: sap commerce Match com_cloud_2211 OR sap commerce Match hy_com_2205

| Vendor | Product | Version | CPE |
|---|---|---|---|
| sap | commerce | com_cloud_2211 | cpe:2.3:a:sap:commerce:com_cloud_2211:*:*:*:*:*:*:* |
| sap | commerce | hy_com_2205 | cpe:2.3:a:sap:commerce:hy_com_2205:*:*:*:*:*:*:* |
