Note: This list may be incomplete. Data is provided without warranty in its original format.
7.2
CVE-2024-39597
- EPSS 0.1%
- Published 09.07.2024 04:15:13
- Last modified 21.11.2024 09:28:05
In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registration is activated, without requiring the merchant to approve the account beforehand. If the s...
9.8
CVE-2023-39439
- EPSS 0.3%
- Published 08.08.2023 01:15:19
- Last modified 21.11.2024 08:15:25
SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.
7.5
CVE-2023-37486
- EPSS 0.14%
- Published 08.08.2023 01:15:17
- Last modified 21.11.2024 08:11:48
Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on con...