HIGH🇵🇱 Wersja polska

CVE-2023-39439

CVSS 8.8v3.1pub. 2023-08-08upd. 2024-11-21

SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Sap Commerce Cloud

    APP
    Sap
    2211
  • Sap Commerce Hycom

    APP
    Sap
    21052205
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-0344CRITICAL9.8⚠ KEVten sam produkt

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7,...

CVE-2020-6238CRITICAL9.3ten sam produkt

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from ...

CVE-2024-33003HIGH7.4ten sam produkt

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as pa...

CVE-2023-42481HIGH8.1ten sam produkt

In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 221...

CVE-2019-0343HIGH8.8ten sam produkt

SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authe...