SAP Commerce Customer Registration and Login Processes
CVE-2024-41733

5.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Commerce
Vendor: CVE Published:; 13 August 2024

What is CVE-2024-41733?

In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the e-mail that they wish to test for. The impact on confidentiality therefore is low and no impact to integrity or availability

Affected Version(s)

SAP Commerce HY_COM 2205

SAP Commerce COM_CLOUD 2211

References

https://me.sap.com/notes/3471450

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Jul 22, 2024

JSON