4 matches found
CVE-2024-47577
Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability. When an authorized agent searches for customer to manage their accounts, the request url includes customer data and it is recorded in server logs. If an attacker impersonating ...
CVE-2024-47577
creationtimestamp| type| source ---|---|--- 2024-12-10 00:35:42+00:00| seen| https://infosec.exchange/users/cve/statuses/113625723170573536 2024-12-10 03:15:48+00:00| seen| https://t.me/cvedetector/12471...
CVE-2024-47577
CVE-2024-47577 affects SAP Commerce Cloud’s Webservice API endpoints in the Assisted Service Module. The root cause is that a search request for customer data embeds data in the URL, which is logged server-side, enabling an attacker with admin impersonation to view leaked customer data via logs. ...
CVE-2024-47577 Information Disclosure vulnerability in SAP Commerce Cloud
Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability. When an authorized agent searches for customer to manage their accounts, the request url includes customer data and it is recorded in server logs. If an attacker impersonating ...