SAP Commerce Security Vulnerability
SAP Commerce is a cloud-based e-commerce platform from Germany's SAP. The product supports sales management, marketing management, order management and operations management. An information disclosure vulnerability exists in SAP Commerce versions 1808, 1811, 1905, 2005, and 2011. An...
SAP Commerce Cloud Denial of Service Vulnerability
SAP Commerce Cloud is a cloud-native omnichannel commerce solution for B2B, B2C and B2B2C companies. A denial of service vulnerability exists in SAP Commerce Cloud 1808, 1811, 1905, 2005. An attacker could exploit this vulnerability by submitting a specially crafted request to a specific SAP...
CVE-2020-26810
SAP Commerce Cloud Accelerator Payment Mock, versions 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL, which will be processed without further interaction; the crafted request can render the SAP Commerc...
Session fixation
SAP Commerce Cloud, versions 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. These sessions are established after the user has authenticated with username/passphrase credentials. The user can change their own passphrase, but this does not invalidate...
PT-2020-19034 · Sap · Sap Commerce
Name of the Vulnerable Software and Affected Versions: SAP Commerce versions 6.6, 6.7, 1808, 1811, 1905
Description: The issue is related to the insecure processing of XML input in the REST API from the Servlet xyformsweb, leading to Missing XML Validation. This affects the confidentiality and...
Cross site scripting
The SAP Commerce SmartEdit Extension, versions 6.6, 6.7, 1808, 1811, is vulnerable to client-side AngularJS template injection, a variant of Cross-Site Scripting (XSS) that exploits the templating facilities of the Angular framework...