CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-41204

An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.7%

CVSS Severity

CVSS v3 Score 8.8

References

https://launchpad.support.sap.com/#/notes/3239152
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://launchpad.support.sap.com/#/notes/3239152
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Products affected by CVE-2022-41204

Sap » Commerce » Version: 1905

cpe:2.3:a:sap:commerce:1905
Sap » Commerce » Version: 2005

cpe:2.3:a:sap:commerce:2005
Sap » Commerce » Version: 2011

cpe:2.3:a:sap:commerce:2011
Sap » Commerce » Version: 2105

cpe:2.3:a:sap:commerce:2105
Sap » Commerce » Version: 2205

cpe:2.3:a:sap:commerce:2205

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-41204

Products

Pricing

Contact Us