Vulnerability Details CVE-2018-2463

The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of the XML parser that is used in the server-side implementation of OCC.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.9%
CVSS Severity
CVSS v3 Score 8.6
CVSS v2 Score 5.0
Products affected by CVE-2018-2463
  • Sap » Hybris » Version: 6.0
    cpe:2.3:a:sap:hybris:6.0
  • Sap » Hybris » Version: 6.1
    cpe:2.3:a:sap:hybris:6.1
  • Sap » Hybris » Version: 6.2
    cpe:2.3:a:sap:hybris:6.2
  • Sap » Hybris » Version: 6.3
    cpe:2.3:a:sap:hybris:6.3
  • Sap » Hybris » Version: 6.4
    cpe:2.3:a:sap:hybris:6.4
  • Sap » Hybris » Version: 6.5
    cpe:2.3:a:sap:hybris:6.5
  • Sap » Hybris » Version: 6.6
    cpe:2.3:a:sap:hybris:6.6
  • Sap » Hybris » Version: 6.7
    cpe:2.3:a:sap:hybris:6.7

