Unrated severityNVD Advisory· Published Dec 12, 2023· Updated Sep 28, 2024
Improper Access Control vulnerability in SAP Commerce Cloud
CVE-2023-42481
Description
In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place. This leads to a considerable impact on confidentiality and integrity.
Affected products
2HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211+ 1 more
- (no CPE)range: HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211
- (no CPE)range: HY_COM 1905
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.