CVE-2023-42481 – Improper Access Control vulnerability in SAP Commerce Cloud
https://notcve.org/view.php?id=CVE-2023-42481
In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place. This leads to a considerable impact on confidentiality and integrity. En SAP Commerce Cloud - versiones HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, un usuario B2B bloqueado puede hacer un mal uso de la funcionalidad de contraseña olvidada para desbloquear su cuenta de usuario nuevamente y volver a obtener acceso si SAP Commerce Cloud - Composable Storefront se utiliza como escaparate, debido a los débiles controles de acceso implementados. Esto tiene un impacto considerable en la confidencialidad y la integridad. • https://me.sap.com/notes/3394567 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-284: Improper Access Control CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVE-2020-6238
https://notcve.org/view.php?id=CVE-2020-6238
SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce. SAP Commerce, versiones 6.6, 6.7, 1808, 1811, 1905, no procesa una entrada XML de forma segura en la API Rest del Servlet xyformsweb, conllevando a una Falta de Comprobación XML. Esto afecta la confidencialidad y la disponibilidad (parcialmente) de SAP Commerce. • https://launchpad.support.sap.com/#/notes/2904480 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2020-6201
https://notcve.org/view.php?id=CVE-2020-6201
The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting. SAP Commerce (Testweb Extension), versiones 6.6, 6.7, 1808, 1811, 1905, no codifica suficientemente las entradas controladas por el usuario, debido a que determinados parámetros GET URL son reflejados en las respuestas HTTP sin escape y saneamiento, conllevando a un ataque de tipo Cross Site Scripting Reflejado. • https://launchpad.support.sap.com/#/notes/2876813 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-6200
https://notcve.org/view.php?id=CVE-2020-6200
The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811, is vulnerable to client-side angularjs template injection, a variant of Cross-Site-Scripting (XSS) that exploits the templating facilities of the angular framework. SAP Commerce (SmartEdit Extension), versiones 6.6, 6.7, 1808, 1811, es vulnerable a una inyección de plantilla angularjs del lado del cliente, una variante de tipo Cross-Site-Scripting (XSS) que explota las instalaciones de plantillas del framework angular. • https://launchpad.support.sap.com/#/notes/2876413 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-0344 – SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2019-0344
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection. Debido a una deserialización no confiable usada en SAP Commerce Cloud (virtualjdbc extension), versiones 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, es posible ejecutar código arbitrario en una máquina de destino con derechos de usuario 'Hybris', resultando en Inyección de Código. SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection. • https://launchpad.support.sap.com/#/notes/2786035 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 • CWE-502: Deserialization of Untrusted Data •