Some OCC API endpoints in SAP Commerce Cloud
allow Personally Identifiable Information (PII) data, such as passwords, email
addresses, mobile numbers, coupon codes, and voucher codes, to be included in
the request URL as query or path parameters. On successful exploitation, this
could lead to a High impact on confidentiality and integrity of the
application.
                
History
Mon, 16 Sep 2024 16:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Weaknesses | NVD-CWE-noinfo | |
| CPEs | cpe:2.3:a:sap:commerce_cloud:com_cloud_2211:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:hy_com_1808:*:*:*:*:*:*:* | |
Tue, 13 Aug 2024 15:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Sap Sap commerce Cloud | |
| CPEs | cpe:2.3:a:sap:commerce_cloud:1808:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:2005:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:2011:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:2105:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:2205:*:*:*:*:*:*:* cpe:2.3:a:sap:commerce_cloud:2211:*:*:*:*:*:*:* | |
| Vendors & Products | Sap Sap commerce Cloud | |
| Metrics | ssvc | |
Tue, 13 Aug 2024 03:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Some OCC API endpoints in SAP Commerce Cloud allow Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a High impact on confidentiality and integrity of the application. | |
| Title | Information Disclosure Vulnerability in SAP Commerce Cloud | |
| Weaknesses | CWE-200 | |
| References |  | |
| Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: sap
Published: 2024-08-13T03:36:55.034Z
Updated: 2024-08-13T14:57:53.908Z
Reserved: 2024-04-23T04:04:25.521Z
Link: CVE-2024-33003
Vulnrichment
Updated: 2024-08-13T14:55:58.860Z
NVD
Status: Analyzed
Published: 2024-08-13T04:15:07.380
Modified: 2024-09-16T16:22:07.617
Link: CVE-2024-33003
Redhat
No data.