1 results (0.005 seconds)

CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a High impact on confidentiality and integrity of the application. • https://me.sap.com/notes/3459935 https://url.sap/sapsecuritypatchday • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •