vulnrichment | Sap | VULNRICHMENT:CVE-2024-41733
History: Aug 13, 2024 - 3:52 a.m.

CVE-2024-41733 Information Disclosure Vulnerability in SAP Commerce

2024-08-13 03:52:25
CWE-200
sap
github.com
sap commerce
information disclosure
user accounts
customer registration
email
confidentiality

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 6.8
Confidence: High

EPSS: 0.001
Percentile: 17.7%

SSVC

Exploitation: none
Automatable: no
Technical Impact: total

In SAP Commerce, valid user accounts can be
identified during the customer registration and login processes. This allows a
potential attacker to learn if a given e-mail is used for an account, but does
not grant access to any customer data beyond this knowledge. The attacker must
already know the e-mail that they wish to test for. The impact on
confidentiality therefore is low and no impact to integrity or availability

CNA Affected

[
  {
    "vendor": "SAP_SE",
    "product": "SAP Commerce",
    "versions": [
      {
        "status": "affected",
        "version": "HY_COM 2205"
      },
      {
        "status": "affected",
        "version": "COM_CLOUD 2211"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:sap:commerce_cloud:2211:*:*:*:*:*:*:*"
    ],
    "vendor": "sap",
    "product": "commerce_cloud",
    "versions": [
      {
        "status": "affected",
        "version": "2211"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:a:sap:commerce_hycom:2205:*:*:*:*:*:*:*"
    ],
    "vendor": "sap",
    "product": "commerce_hycom",
    "versions": [
      {
        "status": "affected",
        "version": "2205"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
