Lucene search
K
SapCommerce

10 matches found

CVE
CVE
added 2021/04/13 6:41 p.m.67 views

CVE-2021-27602

CVE-2021-27602 affects SAP Commerce Backoffice in versions 1808, 1811, 1905, 2005, 2011. The backoffice allows certain authorized users to create source rules, which are translated to Drools rules when published to certain modules. The vulnerability arises when an attacker with this authorization...

9.9CVSS8.4AI score0.02001EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.64 views

CVE-2022-41204

CVE-2022-41204 affects SAP Commerce versions 1905–2205 and targets the login page. A manipulated URL can inject client-side code to change the login form submission, redirecting data to an attacker-controlled server. This enables credential theft and account hijacking, impacting confidentiality, ...

8.8CVSS8.7AI score0.0076EPSS
CVE
CVE
added 2024/08/13 3:52 a.m.63 views

CVE-2024-41733

Concrete details from connected sources confirm a candidate vulnerability in SAP Commerce: an information-disclosure issue that allows an attacker to determine whether a given email is associated with a valid user account during registration or login. The impact is confined to confidentiality (lo...

5.3CVSS5.3AI score0.00312EPSS
CVE
CVE
added 2021/11/10 3:24 p.m.60 views

CVE-2021-40502

CVE-2021-40502 affects SAP Commerce versions 2105.3, 2011.13, 2005.18, and 1905.34. The issue stems from missing authorization checks for an authenticated user, enabling privilege escalation to access and edit data from B2B units the user does not belong to. The NVD entry lists CVSS v3.1 base sco...

8.8CVSS8.7AI score0.00802EPSS
CVE
CVE
added 2021/12/14 3:44 p.m.58 views

CVE-2021-42064

SAP Commerce (versions 1905, 2005, 2105, 2011) is vulnerable when configured to use Oracle DB and a query is built with the Flexible Search Java API using a parameterized IN clause that accepts more than 1000 values. The root cause is not explicitly described beyond this parameterized IN clause b...

9.8CVSS9.1AI score0.01091EPSS
CVE
CVE
added 2021/02/09 8:43 p.m.55 views

CVE-2021-21477

CVE-2021-21477 affects SAP Commerce Cloud versions 1808, 1811, 1905, 2005 and 2011. A misconfiguration of default user permissions lets certain users with required privileges edit DroolsRule ruleContents, enabling injection of malicious code that leads to Remote Code Execution and impacts confide...

9.9CVSS9.4AI score0.29847EPSS
CVE
CVE
added 2020/06/09 6:24 p.m.50 views

CVE-2020-6265

CVE-2020-6265 concerns SAP Commerce and SAP Commerce (Data Hub) prior to patched builds. Affected versions include SAP Commerce 6.7, 1808, 1811, 1905 and SAP Commerce (Data Hub) 6.7, 1808, 1811, 1905. The issue arises from the use of hardcoded credentials, allowing an attacker to bypass authentic...

9.8CVSS9.5AI score0.0136EPSS
CVE
CVE
added 2021/05/11 2:19 p.m.49 views

CVE-2021-27619

The CVE-2021-27619 issue affects SAP Commerce (Backoffice Search) and is present in versions 1808, 1811, 1905, 2005, and 2011. A low-privilege user can perform a masked attribute search and, by iteratively entering one character at a time, infer the actual value of masked attributes, resulting in...

6.5CVSS6.1AI score0.00823EPSS
CVE
CVE
added 2020/09/09 12:52 p.m.48 views

CVE-2020-6302

CVE-2020-6302 affects SAP Commerce versions 6.7, 1808, 1811, 1905 and 2005. The backoffice URL exposes the jSession ID on initial load, enabling session fixation with potential access to admin accounts and full compromise of confidentiality, integrity, and availability. Red Hat notes the same CVE...

8.1CVSS7.9AI score0.00805EPSS
CVE
CVE
added 2020/06/10 12:45 p.m.47 views

CVE-2020-6264

SAP Commerce (versions 6.7, 1808, 1811, 1905) is affected by an information-disclosure vulnerability. The available connected sources indicate an attacker could access information that should be restricted under certain conditions. The exact root cause, vulnerable component/file, exploit details,...

8.6CVSS7.3AI score0.00972EPSS