VYPR
Unrated severityNVD Advisory· Published Dec 12, 2023· Updated Sep 28, 2024

Improper Access Control vulnerability in SAP Commerce Cloud

CVE-2023-42481

Description

In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place. This leads to a considerable impact on confidentiality and integrity.

Affected products

2
  • SAP/Commerce Cloudllm-fuzzy2 versions
    HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211+ 1 more
    • (no CPE)range: HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211
    • (no CPE)range: HY_COM 1905

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.