SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HSap Commerce Cloud
APPSap2211Sap Commerce Hycom
APPSap21052205
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2019-0344CRITICAL9.8⚠ KEVten sam produkt
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7,...
CVE-2020-6238CRITICAL9.3ten sam produkt
SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from ...
CVE-2024-33003HIGH7.4ten sam produkt
Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as pa...
CVE-2023-42481HIGH8.1ten sam produkt
In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 221...
CVE-2019-0343HIGH8.8ten sam produkt
SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authe...