Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a High impact on confidentiality and integrity of the application.
History

Mon, 16 Sep 2024 16:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:sap:commerce_cloud:com_cloud_2211:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:hy_com_1808:*:*:*:*:*:*:*

Tue, 13 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Sap
Sap commerce Cloud
CPEs cpe:2.3:a:sap:commerce_cloud:1808:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:2005:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:2011:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:2105:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:2205:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:2211:*:*:*:*:*:*:*
Vendors & Products Sap
Sap commerce Cloud
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 13 Aug 2024 03:45:00 +0000

Type Values Removed Values Added
Description Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a High impact on confidentiality and integrity of the application.
Title Information Disclosure Vulnerability in SAP Commerce Cloud
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published: 2024-08-13T03:36:55.034Z

Updated: 2024-08-13T14:57:53.908Z

Reserved: 2024-04-23T04:04:25.521Z

Link: CVE-2024-33003

cve-icon Vulnrichment

Updated: 2024-08-13T14:55:58.860Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-13T04:15:07.380

Modified: 2024-09-16T16:22:07.617

Link: CVE-2024-33003

cve-icon Redhat

No data.