Server-Side Request Forgery Vulnerability in SAP Hybris Commerce API
CVE-2018-2463
8.6HIGH
What is CVE-2018-2463?
The Omni Commerce Connect API (OCC) in SAP Hybris Commerce versions 6.* is susceptible to server-side request forgery (SSRF) due to a misconfiguration of the XML parser on the server. This vulnerability may allow an attacker to send unauthorized requests to internal resources, potentially compromising sensitive data or services. Ensuring proper configuration and security measures are essential to mitigate these risks.
Affected Version(s)
SAP Hybris Commerce = 6.*