← voltar
CVE-2024-47577

Information Disclosure vulnerability in SAP Commerce Cloud

CVSS 2.7 LOWEPSS 0.2%CWE-319
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 2.7EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
10 dez 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability. When an authorized agent searches for customer to manage their accounts, the request url includes customer data and it is recorded in server logs. If an attacker impersonating as authorized admin visits such server logs, then they get access to the customer data. The amount of leaked confidential data however is extremely limited, and the attacker has no control over what data is leaked.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
SAP_SE · SAP Commerce Cloud

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://me.sap.com/notes/3535451https://url.sap/sapsecuritypatchday