Описание
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC.
Ссылки
- Third Party AdvisoryVDB Entry
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 6.0 (включая) до 6.7 (включая)
cpe:2.3:a:sap:hybris:*:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00297
Низкий
8.6 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 8.6
github
больше 3 лет назад
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC.
EPSS
Процентиль: 53%
0.00297
Низкий
8.6 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-918