167 matches found
CVE-2024-33003
Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information PII data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a Hi...
CVE-2024-33003
Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information PII data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a Hi...
CVE-2024-33003 Information Disclosure Vulnerability in SAP Commerce Cloud
Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information PII data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a Hi...
CVE-2024-33003 Information Disclosure Vulnerability in SAP Commerce Cloud
Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information PII data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a Hi...
PT-2024-6173 · Sap · Sap Commerce Cloud
Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud affected versions not specified Description: The issue is related to errors in processing information in the OCC API Endpoint component of SAP Commerce Cloud. This could allow a remote attacker to gain unauthorized access t...
SAP Commerce Cloud 信息泄露漏洞
SAP Commerce Cloud is a cloud-based e-commerce platform from Germany's SAP. It supports sales management, marketing management, order management, and operations management. An information disclosure vulnerability exists in SAP Commerce Cloud that stems from certain OCC API endpoints that allow...
CVE-2023-42481
In SAP Commerce Cloud - versions HYCOM 1905, HYCOM 2005, HYCOM2105, HYCOM 2011, HYCOM 2205, COMCLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, d...
CVE-2023-42481
In SAP Commerce Cloud - versions HYCOM 1905, HYCOM 2005, HYCOM2105, HYCOM 2011, HYCOM 2205, COMCLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, d...
Default credentials
In SAP Commerce Cloud - versions HYCOM 1905, HYCOM 2005, HYCOM2105, HYCOM 2011, HYCOM 2205, COMCLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, d...
CVE-2023-42481 Improper Access Control vulnerability in SAP Commerce Cloud
In SAP Commerce Cloud - versions HYCOM 1905, HYCOM 2005, HYCOM2105, HYCOM 2011, HYCOM 2205, COMCLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, d...
CVE-2023-42481
CVE-2023-42481 affects SAP Commerce Cloud (HY_COM 1905–2205; COM_CLOUD 2211) where a locked B2B user can abuse the forgotten-password flow to unblock and re-gain access when the Composable Storefront is used. Root cause: weak access controls in the forgotten-password mechanism. Implications: impa...
PT-2023-28366 · Sap · Sap Commerce Cloud
Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud versions HY COM 1905 through HY COM 2205, COM CLOUD 2211 Description: A locked B2B user can misuse the forgotten password functionality to un-block their user account again and re-gain access if SAP Commerce Cloud -...
The vulnerability of the Omni Commerce Connect (OCC) application interface in the SAP Commerce Cloud and SAP Hybris Commerce e-commerce platforms allows a hacker to influence the confidentiality of protected information.
The vulnerability of the Omni Commerce Connect OCC application interface in the SAP Commerce Cloud and SAP Hybris Commerce platforms is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality of the...
CVE-2023-39439
SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase...
CVE-2023-39439
SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase...
CVE-2023-39439
CVE-2023-39439 affects SAP Commerce Cloud. The provided connected documents confirm an empty passphrase is accepted for user ID and passphrase authentication, enabling login without a passphrase. Affected product is SAP Commerce Cloud; the underlying issue is authentication accepting an empty pas...
PT-2023-26949 · Sap · Sap Commerce Cloud
Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud affected versions not specified Description: The issue allows users to log into the system without a passphrase by accepting an empty passphrase for user ID and passphrase authentication. Recommendations: At the moment, the...
PT-2023-4247 · Sap · Sap Hybris Commerce +1
Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud versions HY COM 2105, HY COM 2205, COM CLOUD 2211 SAP Hybris Commerce versions HY COM 2105, HY COM 2205 Description: The issue is related to the implementation of the Omni Commerce Connect OCC API in SAP Commerce Cloud and...
CVE-2021-33666
When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation...
CVE-2021-33666
When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation...