CVE-2024-41733
Information Disclosure Vulnerability in SAP Commerce
Public Exploits: 0
Exploited in Wild: -
Descriptions
In SAP Commerce, valid user accounts can be
identified during the customer registration and login processes. This allows a
potential attacker to learn if a given e-mail is used for an account, but does
not grant access to any customer data beyond this knowledge. The attacker must
already know the e-mail that they wish to test for. The impact on
confidentiality therefore is low and no impact to integrity or availability
SSVC
- Decision: Track*
Timeline
- 2024-07-22 CVE Reserved
- 2024-08-13 CVE Published
- 2024-08-13 CVE Updated
- 2024-09-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sap | Commerce | * | - | Affected |
Sap | Commerce Cloud | * | - | Affected |
Sap | Commerce Hycom | * | - | Affected |