VYPR
Unrated severityNVD Advisory· Published Oct 11, 2022· Updated May 20, 2025

CVE-2022-41204

CVE-2022-41204

Description

An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system.

Affected products

2
  • SAP/SAP Commercellm-fuzzy
    Range: 1905, 2005, 2105, 2011, 2205
  • SAP SE/SAP Commercev5
    Range: 1905

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.