Lucene search

K
SapCommerce2005

6 matches found

CVE
CVE
added 2022/10/11 9:15 p.m.55 views

CVE-2022-41204

An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accou...

8.8CVSS8.7AI score0.00459EPSS
CVE
CVE
added 2021/04/13 7:15 p.m.53 views

CVE-2021-27602

SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this authorization can inject malicious code in the sou...

9.9CVSS8.4AI score0.01441EPSS
CVE
CVE
added 2021/02/09 9:15 p.m.42 views

CVE-2021-21477

SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability enab...

9.9CVSS9.4AI score0.01147EPSS
CVE
CVE
added 2021/12/14 4:15 p.m.41 views

CVE-2021-42064

If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. The vulnerability is present if the ...

9.8CVSS9.1AI score0.00758EPSS
CVE
CVE
added 2021/05/11 3:15 p.m.37 views

CVE-2021-27619

SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the...

6.5CVSS6.1AI score0.00184EPSS
CVE
CVE
added 2020/09/09 1:15 p.m.36 views

CVE-2020-6302

SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via shoulder surfing or man in the middle attack and subsequently get access to admin user accounts, leading to Session Fixa...

8.1CVSS7.9AI score0.00397EPSS