Lucene search
K

167 matches found

NVD
NVD
added 2024/08/13 4:15 a.m.32 views

CVE-2024-33003

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information PII data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a Hi...

9.1CVSS0.00475EPSS
Exploits0References2
OSV
OSV
added 2024/08/13 4:15 a.m.3 views

CVE-2024-33003

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information PII data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a Hi...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/13 3:36 a.m.32 views

CVE-2024-33003 Information Disclosure Vulnerability in SAP Commerce Cloud

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information PII data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a Hi...

7.4CVSS0.00475EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/13 3:36 a.m.24 views

CVE-2024-33003 Information Disclosure Vulnerability in SAP Commerce Cloud

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information PII data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a Hi...

7.4CVSS6.8AI score0.00475EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/13 12:0 a.m.6 views

PT-2024-6173 · Sap · Sap Commerce Cloud

Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud affected versions not specified Description: The issue is related to errors in processing information in the OCC API Endpoint component of SAP Commerce Cloud. This could allow a remote attacker to gain unauthorized access t...

9.4CVSS7.2AI score0.00475EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/08/13 12:0 a.m.4 views

SAP Commerce Cloud 信息泄露漏洞

SAP Commerce Cloud is a cloud-based e-commerce platform from Germany's SAP. It supports sales management, marketing management, order management, and operations management. An information disclosure vulnerability exists in SAP Commerce Cloud that stems from certain OCC API endpoints that allow...

9.1CVSS6.1AI score0.00475EPSS
Exploits0References4
OSV
OSV
added 2023/12/12 1:15 a.m.3 views

CVE-2023-42481

In SAP Commerce Cloud - versions HYCOM 1905, HYCOM 2005, HYCOM2105, HYCOM 2011, HYCOM 2205, COMCLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, d...

8.1CVSS5.7AI score0.00521EPSS
Exploits0References2
NVD
NVD
added 2023/12/12 1:15 a.m.16 views

CVE-2023-42481

In SAP Commerce Cloud - versions HYCOM 1905, HYCOM 2005, HYCOM2105, HYCOM 2011, HYCOM 2205, COMCLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, d...

8.1CVSS0.00521EPSS
Exploits0References2
Prion
Prion
added 2023/12/12 1:15 a.m.15 views

Default credentials

In SAP Commerce Cloud - versions HYCOM 1905, HYCOM 2005, HYCOM2105, HYCOM 2011, HYCOM 2205, COMCLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, d...

5.5CVSS7.3AI score0.00521EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/12/12 1:0 a.m.22 views

CVE-2023-42481 Improper Access Control vulnerability in SAP Commerce Cloud

In SAP Commerce Cloud - versions HYCOM 1905, HYCOM 2005, HYCOM2105, HYCOM 2011, HYCOM 2205, COMCLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, d...

8.1CVSS8.3AI score0.00521EPSS
Exploits0References2
CVE
CVE
added 2023/12/12 1:0 a.m.35 views

CVE-2023-42481

CVE-2023-42481 affects SAP Commerce Cloud (HY_COM 1905–2205; COM_CLOUD 2211) where a locked B2B user can abuse the forgotten-password flow to unblock and re-gain access when the Composable Storefront is used. Root cause: weak access controls in the forgotten-password mechanism. Implications: impa...

8.1CVSS8.1AI score0.00521EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.4 views

PT-2023-28366 · Sap · Sap Commerce Cloud

Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud versions HY COM 1905 through HY COM 2205, COM CLOUD 2211 Description: A locked B2B user can misuse the forgotten password functionality to un-block their user account again and re-gain access if SAP Commerce Cloud -...

8.1CVSS7.1AI score0.00521EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2023/08/11 12:0 a.m.5 views

The vulnerability of the Omni Commerce Connect (OCC) application interface in the SAP Commerce Cloud and SAP Hybris Commerce e-commerce platforms allows a hacker to influence the confidentiality of protected information.

The vulnerability of the Omni Commerce Connect OCC application interface in the SAP Commerce Cloud and SAP Hybris Commerce platforms is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality of the...

5.9CVSS7.2AI score0.00435EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2023/08/08 1:15 a.m.24 views

CVE-2023-39439

SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase...

9.8CVSS9AI score0.00614EPSS
Exploits0References2
OSV
OSV
added 2023/08/08 1:15 a.m.4 views

CVE-2023-39439

SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase...

9.8CVSS5.8AI score0.00614EPSS
Exploits0References2
CVE
CVE
added 2023/08/08 12:49 a.m.94 views

CVE-2023-39439

CVE-2023-39439 affects SAP Commerce Cloud. The provided connected documents confirm an empty passphrase is accepted for user ID and passphrase authentication, enabling login without a passphrase. Affected product is SAP Commerce Cloud; the underlying issue is authentication accepting an empty pas...

9.8CVSS9.2AI score0.00614EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2023/08/08 12:0 a.m.4 views

PT-2023-26949 · Sap · Sap Commerce Cloud

Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud affected versions not specified Description: The issue allows users to log into the system without a passphrase by accepting an empty passphrase for user ID and passphrase authentication. Recommendations: At the moment, the...

9.8CVSS6.8AI score0.00614EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.6 views

PT-2023-4247 · Sap · Sap Hybris Commerce +1

Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud versions HY COM 2105, HY COM 2205, COM CLOUD 2211 SAP Hybris Commerce versions HY COM 2105, HY COM 2205 Description: The issue is related to the implementation of the Omni Commerce Connect OCC API in SAP Commerce Cloud and...

7.5CVSS7AI score0.00435EPSS
Exploits0References8
NVD
NVD
added 2021/06/09 2:15 p.m.26 views

CVE-2021-33666

When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation...

6.1CVSS0.00543EPSS
Exploits0References2
OSV
OSV
added 2021/06/09 2:15 p.m.5 views

CVE-2021-33666

When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation...

6.1CVSS5.8AI score0.00543EPSS
Exploits0References2
Rows per page
Query Builder