VYPR

Hybris Commerce

by SAP

CVEs (2)

  • CVE-2018-2463 High Sep 11, 2018
    risk 0.56 cvss 8.6 epss 0.02

    The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of the XML parser that is used in the server-side implementation of OCC.

  • CVE-2018-2505 Dec 11, 2018
    risk 0.00 cvss epss 0.01

    SAP Commerce does not sufficiently validate user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7).