Information Disclosure Vulnerability in SAP Commerce Backoffice Search
CVE-2021-27619
6.5 MEDIUM
What is CVE-2021-27619?
The Backoffice Search functionality of SAP Commerce allows low-privileged users to search on attributes that are intended to remain concealed. Although the search results are masked, a user can enter characters incrementally and thereby reveal sensitive attribute values, leading to potential information disclosure. This flaw puts the confidentiality of user data at risk and requires prompt attention to mitigate potential exposure.
Affected Version(s)
SAP Commerce (Backoffice Search) < 1808
SAP Commerce (Backoffice Search) < 1811
SAP Commerce (Backoffice Search) < 1905