Some OCC API endpoints in SAP Commerce Cloud
allows Personally Identifiable Information (PII) data, such as passwords, email
addresses, mobile numbers, coupon codes, and voucher codes, to be included in
the request URL as query or path parameters. On successful exploitation, this
could lead to a High impact on confidentiality and integrity of the
application.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3459935 | Permissions Required |
https://url.sap/sapsecuritypatchday | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Sep 2024, 16:22
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
References | () https://me.sap.com/notes/3459935 - Permissions Required | |
References | () https://url.sap/sapsecuritypatchday - Vendor Advisory | |
CWE | NVD-CWE-noinfo | |
First Time |
Sap commerce Cloud
Sap |
|
CPE | cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:2005:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:2011:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:2205:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:com_cloud_2211:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:2105:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:hy_com_1808:*:*:*:*:*:*:* |
13 Aug 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-13 04:15
Updated : 2024-09-16 16:22
NVD link : CVE-2024-33003
Mitre link : CVE-2024-33003
CVE.ORG link : CVE-2024-33003
JSON object : View
Products Affected
sap
- commerce_cloud
CWE