Lucene search
K

4 matches found

NVD
NVD
added 2024/12/10 1:15 a.m.16 views

CVE-2024-47577

Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability. When an authorized agent searches for customer to manage their accounts, the request url includes customer data and it is recorded in server logs. If an attacker impersonating ...

2.7CVSS0.00196EPSS
Exploits0References2
Circl
Circl
added 2024/12/10 12:35 a.m.7 views

CVE-2024-47577

creationtimestamp| type| source ---|---|--- 2024-12-10 00:35:42+00:00| seen| https://infosec.exchange/users/cve/statuses/113625723170573536 2024-12-10 03:15:48+00:00| seen| https://t.me/cvedetector/12471...

2.7CVSS4.8AI score0.00196EPSS
Exploits0References2
CVE
CVE
added 2024/12/10 12:11 a.m.102 views

CVE-2024-47577

CVE-2024-47577 affects SAP Commerce Cloud’s Webservice API endpoints in the Assisted Service Module. The root cause is that a search request for customer data embeds data in the URL, which is logged server-side, enabling an attacker with admin impersonation to view leaked customer data via logs. ...

2.7CVSS3.7AI score0.00196EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/10 12:11 a.m.20 views

CVE-2024-47577 Information Disclosure vulnerability in SAP Commerce Cloud

Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability. When an authorized agent searches for customer to manage their accounts, the request url includes customer data and it is recorded in server logs. If an attacker impersonating ...

2.7CVSS0.00196EPSS
Exploits0References2
Rows per page
Query Builder