CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-33003

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a High impact on confidentiality and integrity of the application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 36.8%

CVSS Severity

CVSS v3 Score 7.4

References

Products affected by CVE-2024-33003

Sap » Commerce Cloud » Version: 1811

cpe:2.3:a:sap:commerce_cloud:1811
Sap » Commerce Cloud » Version: 1905

cpe:2.3:a:sap:commerce_cloud:1905
Sap » Commerce Cloud » Version: 2005

cpe:2.3:a:sap:commerce_cloud:2005
Sap » Commerce Cloud » Version: 2011

cpe:2.3:a:sap:commerce_cloud:2011
Sap » Commerce Cloud » Version: 2105

cpe:2.3:a:sap:commerce_cloud:2105
Sap » Commerce Cloud » Version: 2205

cpe:2.3:a:sap:commerce_cloud:2205
Sap » Commerce Cloud » Version: com_cloud_2211

cpe:2.3:a:sap:commerce_cloud:com_cloud_2211
Sap » Commerce Cloud » Version: hy_com_1808

cpe:2.3:a:sap:commerce_cloud:hy_com_1808

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-33003

Products

Pricing

Contact Us