In SAP Commerce, valid user accounts can be
identified during the customer registration and login processes. This allows a
potential attacker to learn if a given e-mail is used for an account, but does
not grant access to any customer data beyond this knowledge. The attacker must
already know the e-mail that they wish to test for. The impact on
confidentiality therefore is low and no impact to integrity or availability
References
Link | Resource |
---|---|
https://me.sap.com/notes/3471450 | Permissions Required |
https://url.sap/sapsecuritypatchday | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Sep 2024, 13:55
Type | Values Removed | Values Added |
---|---|---|
First Time |
Sap commerce
Sap |
|
References | () https://me.sap.com/notes/3471450 - Permissions Required | |
References | () https://url.sap/sapsecuritypatchday - Vendor Advisory | |
CWE | NVD-CWE-noinfo | |
Summary |
|
|
CPE | cpe:2.3:a:sap:commerce:com_cloud_2211:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce:hy_com_2205:*:*:*:*:*:*:* |
13 Aug 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-13 04:15
Updated : 2024-09-12 13:55
NVD link : CVE-2024-41733
Mitre link : CVE-2024-41733
CVE.ORG link : CVE-2024-41733
JSON object : View
Products Affected
sap
- commerce
CWE