Some OCC API endpoints in SAP Commerce Cloud
allow Personally Identifiable Information (PII) data, such as passwords, email
addresses, mobile numbers, coupon codes, and voucher codes, to be included in
the request URL as query or path parameters. On successful exploitation, this
could lead to a High impact on the confidentiality and integrity of the
application.
History
Mon, 16 Sep 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:sap:commerce_cloud:com_cloud_2211:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:hy_com_1808:*:*:*:*:*:*:* |
Tue, 13 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Sap, Sap commerce Cloud | |
CPEs | cpe:2.3:a:sap:commerce_cloud:1808:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:2005:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:2011:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:2105:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:2205:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:2211:*:*:*:*:*:*:* | |
Vendors & Products | Sap, Sap commerce Cloud | |
Metrics | ssvc | |
Tue, 13 Aug 2024 03:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a High impact on confidentiality and integrity of the application. | |
Title | Information Disclosure Vulnerability in SAP Commerce Cloud | |
Weaknesses | CWE-200 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: sap
Published: 2024-08-13T03:36:55.034Z
Updated: 2024-08-13T14:57:53.908Z
Reserved: 2024-04-23T04:04:25.521Z
Link: CVE-2024-33003
Vulnrichment
Updated: 2024-08-13T14:55:58.860Z
NVD
Status: Analyzed
Published: 2024-08-13T04:15:07.380
Modified: 2024-09-16T16:22:07.617
Link: CVE-2024-33003
Redhat
No data.