
5 matches found

CNNVD
added 2021/04/13 12:0 a.m. | 2 views

SAP Commerce Code Injection Vulnerability

SAP Commerce is a cloud-based e-commerce platform from Germany's SAP. This product supports sales management, marketing management, order management and operations management. A security vulnerability exists in SAP Commerce 1808, 1811, 1905, 2005, 2011, which allows certain authorized user...

CVSS 9.9 | AI score 7.8 | EPSS 0.01848
Exploits: 0 | References: 4
OSV
added 2021/01/12 3:15 p.m. | 0 views

CVE-2021-21445

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user. A successful exploitation of this vulnerability may lead to advanced attack...

CVSS 5.4 | AI score 6.3 | EPSS 0.00178
Exploits: 0 | References: 2
CNVD
added 2020/11/11 12:0 a.m. | 0 views

SAP Commerce Cloud Server-Side Request Forgery Vulnerability

SAP Commerce Cloud is a cloud-native omnichannel commerce solution for B2B, B2C and B2B2C companies. A server-side request forgery vulnerability exists in SAP Commerce Cloud 1808, 1811, 1905, 2005. An attacker could exploit the vulnerability by submitting a specially crafted request to a specific...

CVSS 5.3 | AI score 6.6 | EPSS 0.00805
Exploits: 0 | References: 1
OSV
added 2020/11/10 5:15 p.m. | 0 views

CVE-2020-26811

SAP Commerce Cloud Accelerator Payment Mock, versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Reque...

CVSS 5.3 | AI score 5.7 | EPSS 0.00805
Exploits: 0 | References: 4
Prion
added 2020/10/15 2:15 a.m. | 22 views

Cross site scripting

SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited,...

CVSS 3.5 | AI score 5.1 | EPSS 0.00162
Exploits: 0 | References: 2 | Affected Software: 1