Server-Side Request Forgery Vulnerability in SAP Hybris Commerce API
CVE-2018-2463
8.6HIGH
Summary
The Omni Commerce Connect API (OCC) in SAP Hybris Commerce versions 6.* is susceptible to server-side request forgery (SSRF) due to a misconfiguration of the XML parser on the server. This vulnerability may allow an attacker to send unauthorized requests to internal resources, potentially compromising sensitive data or services. Ensuring proper configuration and security measures are essential to mitigate these risks.
Affected Version(s)
SAP Hybris Commerce = 6.*
References
CVSS V3.1
Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved