In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registration is activated, without requiring the merchant to approve the account beforehand. If the site is not configured as isolated site, this can also grant access to other non-isolated early login sites, even if registration is not enabled for those other sites.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published: 2024-07-09T03:48:11.488Z

Updated: 2024-08-02T04:26:15.985Z

Reserved: 2024-06-26T09:58:24.095Z

Link: CVE-2024-39597

cve-icon Vulnrichment

Updated: 2024-07-09T16:20:33.694Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-09T04:15:13.963

Modified: 2024-11-21T09:28:05.280

Link: CVE-2024-39597

cve-icon Redhat

No data.