CVE-2024-33003
Information Disclosure Vulnerability in SAP Commerce Cloud
Vexday Risk Score
21 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.4 · EPSS 0.5% · KEV no · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
13 Aug 2024: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Some OCC API endpoints in SAP Commerce Cloud
allow Personally Identifiable Information (PII) data, such as passwords, email
addresses, mobile numbers, coupon codes, and voucher codes, to be included in
the request URL as query or path parameters. On successful exploitation, this
could lead to a High impact on confidentiality and integrity of the
application.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
SAP_SE · SAP Commerce Cloud