
23 matches found

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2018-14318

Malware in sbrugna...

8.6 CVSS · 8.8 AI score · 0.01638 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2014-8701

Malware in sbrugna...

7.5 CVSS · 7.5 AI score · 0.04083 EPSS
Exploits 3 · References 6
BDU FSTEC
added 2023/08/11 12:0 a.m. · 3 views

The vulnerability of the Omni Commerce Connect (OCC) application interface in the SAP Commerce Cloud and SAP Hybris Commerce e-commerce platforms allows an attacker to compromise the confidentiality of protected information.

The vulnerability of the Omni Commerce Connect (OCC) application interface in the SAP Commerce Cloud and SAP Hybris Commerce platforms is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality of the...

5.9 CVSS · 7.2 AI score · 0.00435 EPSS
Exploits 0 · References 4 · Affected Software 2
Positive Technologies
added 2023/06/07 12:0 a.m. · 5 views

PT-2023-4247 · Sap · Sap Hybris Commerce +1

Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud versions HY COM 2105, HY COM 2205, COM CLOUD 2211; SAP Hybris Commerce versions HY COM 2105, HY COM 2205. Description: The issue is related to the implementation of the Omni Commerce Connect (OCC) API in SAP Commerce Cloud and...

7.5 CVSS · 7 AI score · 0.00435 EPSS
Exploits 0 · References 8
BDU FSTEC
added 2020/07/15 12:0 a.m. · 4 views

The vulnerability of the SAP Hybris Commerce e-commerce platform, related to the lack of measures for cleaning incoming data, allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the SAP Hybris Commerce e-commerce platform is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

6.4 CVSS · 6 AI score · 0.01016 EPSS
Exploits 0 · References 4 · Affected Software 1
CVE
added 2019/01/08 8:0 p.m. · 63 views

CVE-2019-0238

Summary: SAP Commerce (formerly SAP Hybris Commerce) before version 6.7 contains an XSS vulnerability caused by insufficient encoding of user-controlled inputs. This is documented in multiple sources (NVD CVE-2019-0238 and CNVD entry). Affected scope: pre-6.7 versions; no exact exploitation detai...

6.1 CVSS · 6 AI score · 0.01016 EPSS
Exploits 0 · References 3 · Affected Software 1
CVE
added 2018/12/11 11:0 p.m. · 52 views

CVE-2018-2505

SAP Commerce (Hybris) storefronts are affected by an input validation issue that can lead to Cross-Site Scripting (XSS). The vulnerability arises from insufficient validation of user-controlled inputs. Fixed in SAP Hybris Commerce versions 6.2, 6.3, 6.4, 6.5, 6.6, and 6.7. The CVE describes a cli...

6.1 CVSS · 5.9 AI score · 0.01016 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2018/12/11 10:29 p.m. · 3 views

CVE-2018-2505

SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7...

6.1 CVSS · 5.8 AI score · 0.01016 EPSS
Exploits 0 · References 3
CNVD
added 2018/09/29 12:0 a.m. · 3 views

SAP Hybris Commerce Omni Commerce Connect API Server-Side Request Forgery Vulnerability

SAP Hybris Commerce is a SAP solution for handling high visitor and order volumes in e-commerce, and the Omni Commerce Connect API (OCC) is one of the full-service connectivity APIs. A server-side request forgery vulnerability exists in OCC in SAP Hybris Commerce version 6. The vulnerability stems...

8.6 CVSS · 8.7 AI score · 0.01638 EPSS
Exploits 0 · References 1
NVD
added 2018/09/11 3:29 p.m. · 17 views

CVE-2018-2463

The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC...

8.6 CVSS · 8.5 AI score · 0.01638 EPSS
Exploits 0 · References 3
OSV
added 2018/09/11 3:29 p.m. · 3 views

CVE-2018-2463

The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC...

8.6 CVSS · 5.8 AI score · 0.01638 EPSS
Exploits 0 · References 3
Prion
added 2018/09/11 3:29 p.m. · 17 views

Server side request forgery (ssrf)

The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC...

5 CVSS · 8.5 AI score · 0.01638 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2018/09/11 3:0 p.m. · 16 views

CVE-2018-2463

The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC...

8.6 AI score · 0.01638 EPSS
Exploits 0 · References 3
CVE
added 2018/09/11 3:0 p.m. · 57 views

CVE-2018-2463

SAP Hybris Commerce OCC API (Omni Commerce Connect) in version 6.* is vulnerable to SSRF due to misconfiguration of the XML parser in the server-side implementation. The issue enables potential unauthorized operations by an attacker who can trigger SSRF requests from the OCC server; impact is des...

8.6 CVSS · 8.4 AI score · 0.01638 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2017/08/28 3:29 p.m. · 27 views

CVE-2014-8871

Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier...

7.5 CVSS · 7.5 AI score · 0.04083 EPSS
Exploits 3 · References 4
Prion
added 2017/08/28 3:29 p.m. · 27 views

Directory traversal

Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier...

5 CVSS · 7 AI score · 0.04083 EPSS
Exploits 3 · References 4 · Affected Software 1
CVE
added 2017/08/28 3:0 p.m. · 70 views

CVE-2014-8871

Hybris Commerce Software Suite v5.x has a Directory Traversal / Arbitrary File Disclosure vulnerability (CVE-2014-8871). The flaw affects releases up to and including: 5.3.0.1, 5.2.0.3, 5.1.1.2, 5.1.0.1, 5.0.4.4, 5.0.3.3, and 5.0.0.3. Root cause: the media retrieval path uses a Base64-encoded con...

7.5 CVSS · 7.4 AI score · 0.04083 EPSS
Exploits 3 · References 4 · Affected Software 1
Cvelist
added 2017/08/28 3:0 p.m. · 30 views

CVE-2014-8871

Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier...

7.5 AI score · 0.04083 EPSS
Exploits 3 · References 4
OpenVAS
added 2015/02/25 12:0 a.m. · 47 views

hybris Commerce Directory Traversal Vulnerability (Feb 2015) - Active Check

hybris Commerce Software Suite is prone to a directory traversal vulnerability.

7.5 CVSS · 7.5 AI score · 0.04083 EPSS
Exploits 3 · References 2
securityvulns
added 2015/02/22 12:0 a.m. · 103 views

[RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite

Advisory: Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite. During a penetration test, RedTeam Pentesting discovered a Directory Traversal vulnerability in hybris Commerce software suite. This vulnerability allows attackers to download arbitrary files of any size...

5 CVSS · 7.4 AI score · 0.04083 EPSS
Exploits 3