Impact
The vulnerability arises from SAP Commerce Cloud retaining a sample OAuth2 client that includes publicly documented credentials provided as part of sample configuration in SAP Help Portal. These credentials are well known, and if the sample client is left unchanged, an unauthenticated attacker can use them to obtain a valid access token. With an access token, the attacker can call specific APIs to read and modify data stored in the Commerce application. This results in significant loss of confidentiality and integrity of data; availability remains unaffected.
Affected Systems
Affected systems are installations of SAP Commerce Cloud that still contain the default sample OAuth2 client configuration. The exact product versions are not enumerated in the advisory; however, any deployment that has not removed or updated the sample credentials from its configuration can potentially be vulnerable.
Risk and Exploitability
The CVSS score of 9.1 indicates a high severity vulnerability. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The likelihood of exploitation is high if default credentials remain in place, as no authentication is required to activate the attack path. An attacker simply needs network access to the OAuth2 endpoint and the knowledge of the well‑known credentials to obtain a token and proceed with API calls. There are no special prerequisites beyond the presence of the default sample client.
OpenCVE Enrichment