HIGH🇵🇱 Wersja polska

CVE-2023-42481

CVSS 8.1v3.1pub. 2023-12-12upd. 2024-11-21

In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place. This leads to a considerable impact on confidentiality and integrity.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • Sap Commerce Cloud

    APP
    Sap
    8.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-0344CRITICAL9.8⚠ KEVten sam produkt

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7,...

CVE-2020-6238CRITICAL9.3ten sam produkt

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from ...

CVE-2024-33003HIGH7.4ten sam produkt

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as pa...

CVE-2023-39439HIGH8.8ten sam produkt

SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to...

CVE-2019-0343HIGH8.8ten sam produkt

SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authe...