Commerce Cloud Security Vulnerabilities - CVSS Score 9 - 10


CVE-2019-0344

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.

9.8 CVSS

9.7 AI Score

0.003 EPSS

2019-08-14 02:15 PM
109

CVE-2020-6238

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce.

9.3 CVSS

9 AI Score

0.003 EPSS

2020-04-14 07:15 PM
34

CVE-2023-39439

SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.

9.8 CVSS

9.2 AI Score

0.002 EPSS

2023-08-08 01:15 AM
38

CVE-2024-33003

Some OCC API endpoints in SAP Commerce Cloud allow Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a High i...

9.1 CVSS

7.4 AI Score

0.001 EPSS

2024-08-13 04:15 AM
38