VYPR
Unrated severityNVD Advisory· Published Aug 13, 2024· Updated Aug 13, 2024

Information Disclosure Vulnerability in SAP Commerce Cloud

CVE-2024-33003

Description

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a High impact on confidentiality and integrity of the application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • SAP/Commerce Cloudllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: HY_COM 1808

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.