5 matches found
CVE-2021-27619
SAP Commerce Backoffice Search, versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the...
CVE-2021-27619
SAP Commerce Backoffice Search, versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the...
Information disclosure
SAP Commerce Backoffice Search, versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the...
CVE-2021-27619
SAP Commerce Backoffice Search, versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the...
CVE-2021-27619
The CVE-2021-27619 issue affects SAP Commerce (Backoffice Search) and is present in versions 1808, 1811, 1905, 2005, and 2011. A low-privilege user can perform a masked attribute search and, by iteratively entering one character at a time, infer the actual value of masked attributes, resulting in...