GHSA-74vw-fvv7-2rh7

Published: May 14, 2022
Source: github
Github: Not reviewed
CVSS3: 8.6

Description

The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of the XML parser that is used in the server-side implementation of OCC.

EPSS

Percentile: 53%
0.00297
Low

8.6 High

CVSS3

Weaknesses

CWE-918

Related vulnerabilities

CVSS3: 8.6
nvd
more than 7 years ago

The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of the XML parser that is used in the server-side implementation of OCC.

EPSS

Percentile: 53%
0.00297
Low

8.6 High

CVSS3

Weaknesses

CWE-918