SAP Hybris Commerce Security Vulnerabilities

CVE-2019-0344

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code...

CVSS: 9.8 | AI Score: 8.1 | EPSS: 0.003

2019-08-14 02:15 PM
100

CVE-2019-0322

SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the...

CVSS: 7.5 | AI Score: 7 | EPSS: 0.003

2019-07-10 07:15 PM
106

CVE-2019-0238

SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS)...

CVSS: 6.1 | AI Score: 6.2 | EPSS: 0.001

2019-01-08 08:29 PM
30

CVE-2018-2505

SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6,...

CVSS: 6.1 | AI Score: 6 | EPSS: 0.001

2018-12-11 10:29 PM
24

CVE-2018-2463

The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of...

CVSS: 8.6 | AI Score: 7 | EPSS: 0.002

2018-09-11 03:29 PM
31