CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-45278

SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.0%

CVSS Severity

CVSS v3 Score 5.4

References

https://me.sap.com/notes/3507545
https://url.sap/sapsecuritypatchday

Products affected by CVE-2024-45278

Sap » Commerce Backoffice » Version: 2205

cpe:2.3:a:sap:commerce_backoffice:2205
Sap » Commerce Backoffice » Version: 2211

cpe:2.3:a:sap:commerce_backoffice:2211

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-45278

Products

Pricing

Contact Us