Remote Code Injection Vulnerability in SAP Commerce
CVE-2022-41204
8.8 HIGH
Summary
This vulnerability in SAP Commerce allows attackers to manipulate the login page through a crafted URL. By injecting malicious code, an attacker can redirect user logins to their own server, enabling the theft of credentials and unauthorized access to accounts. This jeopardizes the confidentiality, integrity, and availability of the affected systems, making it critical for users to ensure their applications are updated and secured.
Affected Version(s)
SAP Commerce 1905
SAP Commerce 2005
SAP Commerce 2105
References
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved