Lucene search
K
SapCommerce Cloud

18 matches found

CVE
CVE
added 2023/08/08 12:56 a.m.2511 views

CVE-2023-37486

Summary : CVE-2023-37486 corresponds to an information-disclosure issue in SAP Commerce (OCC API). The affected components are SAP Commerce Cloud/Hybris with OCC API endpoints HY_COM 2105, HY_COM 2205, and COM_CLOUD 2211. According to the provided documents, under certain conditions these endpoin...

7.5CVSS6.1AI score0.00435EPSS
CVE
CVE
added 2019/08/14 1:53 p.m.344 views

CVE-2019-0344

CVE-2019-0344 affects SAP Commerce Cloud (Hybris) via unsafe deserialization in the virtualjdbc extension, impacting versions 6.4–6.7, 1808, 1811, 1905. This allows arbitrary code execution with Hybris user rights (Code Injection). Connected sources corroborate the vulnerability and its impact. R...

9.8CVSS9.7AI score0.07079EPSS
In wild
CVE
CVE
added 2019/07/10 7:0 p.m.137 views

CVE-2019-0322

CVE-2019-0322 affects SAP Commerce Cloud (HY_COM) with versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811. The connected documents describe that an attacker can prevent legitimate users from accessing a service, either by crashing or flooding it, indicating a denial-of-service impact. The root cause is...

7.5CVSS7.4AI score0.02555EPSS
CVE
CVE
added 2021/01/12 2:42 p.m.128 views

CVE-2021-21445

CVE-2021-21445 affects SAP Commerce Cloud releases 1808, 1811, 1905, 2005, and 2011, where an authenticated attacker can cause invalid data to be sent in the HTTP Content-Type header due to input validation issues. This could enable advanced attacks such as cross-site scripting and page hijacking...

5.4CVSS5.1AI score0.00635EPSS
CVE
CVE
added 2024/08/13 3:36 a.m.97 views

CVE-2024-33003

CVE-2024-33003 affects SAP Commerce Cloud via the OCC API Endpoint component. The root issue is that certain OCC API endpoints may include PII (passwords, emails, mobile numbers, coupon/voucher codes) in the request URL as query or path parameters, leading to potential disclosure and integrity im...

9.1CVSS7.4AI score0.00475EPSS
CVE
CVE
added 2023/08/08 12:49 a.m.94 views

CVE-2023-39439

CVE-2023-39439 affects SAP Commerce Cloud. The provided connected documents confirm an empty passphrase is accepted for user ID and passphrase authentication, enabling login without a passphrase. Affected product is SAP Commerce Cloud; the underlying issue is authentication accepting an empty pas...

9.8CVSS9.2AI score0.00614EPSS
CVE
CVE
added 2020/03/10 8:18 p.m.92 views

CVE-2020-6200

SAP Commerce SmartEdit Extension (versions 6.6, 6.7, 1808, 1811) is affected by a client-side AngularJS template injection vulnerability (a type of XSS) in Angular templating facilities. Root cause: improper handling of template data in the client, per the CVE-2020-6200 descriptions. Impact is XS...

5.4CVSS5.4AI score0.00536EPSS
CVE
CVE
added 2020/03/10 8:19 p.m.92 views

CVE-2020-6201

CVE-2020-6201 affects SAP Commerce (Testweb Extension) versions 6.6, 6.7, 1808, 1811, 1905. The vulnerability is a reflected Cross-Site Scripting (XSS) due to insufficient encoding of user-controlled inputs, where certain GET URL parameters are reflected in HTTP responses without proper escaping....

6.1CVSS6.2AI score0.00781EPSS
CVE
CVE
added 2020/10/15 1:46 a.m.83 views

CVE-2020-6272

The CVE-2020-6272 issue affects SAP Commerce Cloud (versions 1808, 1811, 1905, 2005) and arises from insufficient input encoding in web CMS components. The root cause is improper encoding of user inputs, enabling an authenticated and authorized content manager to inject malicious script into seve...

5.4CVSS5.2AI score0.00529EPSS
CVE
CVE
added 2020/10/15 1:53 a.m.75 views

CVE-2020-6363

CVE-2020-6363 affects SAP Commerce Cloud (versions 1808, 1811, 1905, 2005). The root cause is insufficient session expiration: when a user changes their passphrase, active sessions remain valid, enabling reuse of old session credentials by an attacker. Public documents describe the issue but do n...

4.9CVSS4.6AI score0.00523EPSS
CVE
CVE
added 2019/08/14 1:53 p.m.61 views

CVE-2019-0343

CVE-2019-0343 affects SAP Commerce Cloud (Mediaconversion Extension) versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905. The vulnerability arises from an authenticated Backoffice/HMC user being able to inject code that is executed by the application, enabling Code Injection and allowing an attacker to...

8.8CVSS8.6AI score0.01482EPSS
CVE
CVE
added 2020/11/10 4:10 p.m.61 views

CVE-2020-26809

SAP Commerce Cloud (versions 1808, 1811, 1905, 2005) is affected by CVE-2020-26809 where an attacker can bypass authentication/permission checks via the /medias endpoint, gaining access to Secure Media folders and potentially exposing sensitive data. The root cause is not fully detailed beyond th...

5.3CVSS5.2AI score0.02045EPSS
CVE
CVE
added 2020/04/14 6:39 p.m.56 views

CVE-2020-6238

SAP Commerce versions 6.6, 6.7, 1808, 1811, 1905 are affected by an insecure XML input handling flaw in the Rest API (Servlet xyformsweb), causing Missing XML Validation. The vulnerability affects confidentiality and availability (partially). Root cause: unvalidated XML input processing in the Re...

9.3CVSS9AI score0.0131EPSS
CVE
CVE
added 2021/06/09 1:32 p.m.54 views

CVE-2021-33666

SAP Commerce Cloud (version 100) when serving a JavaScript storefront is vulnerable to MIME sniffing that could enable an XSS attack or malware proliferation under certain conditions. Root cause appears to be MIME sniffing behavior; no remediation or patch details are provided in the supplied doc...

6.1CVSS5.9AI score0.00543EPSS
CVE
CVE
added 2020/04/14 6:37 p.m.48 views

CVE-2020-6232

CVE-2020-6232 affects SAP Commerce versions 1811 and 1905. Root cause: missing authorization checks for anonymous users; impact is confidentiality of secure media. Connected documents confirm the same details; exploitation methods, affected fixes, or mitigations are not provided in the supplied m...

5.3CVSS5.3AI score0.00832EPSS
CVE
CVE
added 2023/12/12 1:0 a.m.35 views

CVE-2023-42481

CVE-2023-42481 affects SAP Commerce Cloud (HY_COM 1905–2205; COM_CLOUD 2211) where a locked B2B user can abuse the forgotten-password flow to unblock and re-gain access when the Composable Storefront is used. Root cause: weak access controls in the forgotten-password mechanism. Implications: impa...

8.1CVSS8.1AI score0.00521EPSS
CVE
CVE
added 2026/02/10 3:3 a.m.26 views

CVE-2026-24321

CVE-2026-24321 concerns SAP Commerce Cloud, where multiple API endpoints are exposed to unauthenticated users. The issue allows retrieval of information not intended for public access via the front-end. The documented impact is limited to confidentiality (low), with no reported impact to integrit...

5.3CVSS5.5AI score0.00214EPSS
CVE
CVE
added 2026/02/10 3:2 a.m.18 views

CVE-2026-23684

CVE-2026-23684 affects SAP Commerce Cloud. A race condition during cart-operations can cause a cart entry to be created with an erroneous product value, potentially allowing manipulation at checkout and impacting data integrity (I:H, A:N, C:N). CVSS 3.1 base score 5.9 (MEDIUM); attack vector: net...

5.9CVSS5.5AI score0.00164EPSS