5 matches found
CVE-2024-39597 [CVE-2024-39597] Improper Authorization Checks on Early Login Composable Storefront B2B sites of SAP Commerce
In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registration is activated, without requiring the merchant to approve the account beforehand. If the site is not configured as an isolated site, this ca...
CVE-2024-39597 [CVE-2024-39597] Improper Authorization Checks on Early Login Composable Storefront B2B sites of SAP Commerce
In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registration is activated, without requiring the merchant to approve the account beforehand. If the site is not configured as an isolated site, this ca...
CVE-2024-39597
SAP Commerce contains an authorization issue where an attacker can abuse the Forgot Password flow to gain access to a Composable Storefront B2B site with early login/registration enabled, without merchant approval. If the site is not configured as isolated, access may extend to other non-isolated...
SAP Commerce Authorization Issue Vulnerability
SAP Commerce is a cloud-based e-commerce platform from Germany's SAP. This product supports sales management, marketing management, order management and operations management. SAP Commerce suffers from an authorization issue vulnerability that originates from a user being able to abuse the...
PT-2024-28548 · Sap · Sap Commerce
Name of the Vulnerable Software and Affected Versions: SAP Commerce, affected versions not specified
Description: A user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registration is activated, without requiring the...