CVE-2024-33003 – Information Disclosure Vulnerability in SAP Commerce Cloud
https://notcve.org/view.php?id=CVE-2024-33003
Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a High impact on confidentiality and integrity of the application. • https://me.sap.com/notes/3459935 https://url.sap/sapsecuritypatchday • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-21445
https://notcve.org/view.php?id=CVE-2021-21445
SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user. A successful exploitation of this vulnerability may lead to advanced attacks, including cross-site scripting and page hijacking. SAP Commerce Cloud, versiones - 1808, 1811, 1905, 2005, 2011, permite a un atacante autenticado incluir datos invalidados en el encabezado Content Type de la respuesta HTTP, debido a una comprobación de entrada inapropiada, y se envía a un usuario Web. Una explotación con éxito de esta vulnerabilidad puede conllevar a ataques avanzados, incluyendo cross-site scripting y secuestro de páginas • https://launchpad.support.sap.com/#/notes/2984034 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2020-26810
https://notcve.org/view.php?id=CVE-2020-26810
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerce service itself unavailable leading to Denial of Service with no impact on confidentiality or integrity. SAP Commerce Cloud (Accelerator Payment Mock), versiones: 1808, 1811, 1905, 2005, permite a un atacante no autenticado enviar una petición diseñada a través de una red hacia una URL del módulo de SAP Commerce en particular que será procesada sin más interacción, la petición diseñada puede hacer que el servicio SAP Commerce no esté disponible, conllevando a una Denegación de Servicio sin impacto en la confidencialidad o integridad • https://launchpad.support.sap.com/#/notes/2975170 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 •
CVE-2020-26811
https://notcve.org/view.php?id=CVE-2020-26811
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability. SAP Commerce Cloud (Accelerator Payment Mock), versiones - 1808, 1811, 1905, 2005, permite a un atacante no autenticado enviar una petición diseñada a través de una red hacia una URL del módulo de SAP Commerce en particular que será procesada sin más interacción, la petición diseñada conlleva a un ataque de tipo Server Side Request Forgery que podría conllevar a la recuperación de partes limitadas de información sobre el servicio sin impacto en la integridad o disponibilidad • http://packetstormsecurity.com/files/163143/SAP-Hybris-eCommerce-Server-Side-Request-Forgery.html http://seclists.org/fulldisclosure/2021/Jun/26 https://launchpad.support.sap.com/#/notes/2975170 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2020-26809
https://notcve.org/view.php?id=CVE-2020-26809
SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality. SAP Commerce Cloud, versiones 1808,1811,1905,2005, permite a un atacante omitir las comprobaciones de autenticación y permisos existentes por medio del endpoint "/medias" y, por lo tanto, obtener acceso a las carpetas de Secure Media. Esta carpeta podría contener archivos confidenciales que resulta en una divulgación de información confidencial e impacto en la confidencialidad de la configuración del sistema • http://packetstormsecurity.com/files/163146/SAP-Hybris-eCommerce-Information-Disclosure.html http://seclists.org/fulldisclosure/2021/Jun/27 https://launchpad.support.sap.com/#/notes/2975189 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 • CWE-276: Incorrect Default Permissions •