Description
SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This vulnerability has a low impact on confidentiality and does not affect integrity and availability.
References
- Permissions Required
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:sap:commerce_cloud:2205:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:2211:*:*:*:*:*:*:*
EPSS: 0.00052 (Low), percentile: 16%
CVSS3: 5.3 Medium
Weaknesses
CWE-359
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 5.3
github
about 2 months ago
SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This vulnerability has a low impact on confidentiality and does not affect integrity and availability.