Webservice API endpoints for the Assisted Service Module within SAP Commerce Cloud have an information disclosure vulnerability. When an authorized agent searches for a customer to manage their accounts, the request URL includes customer data, which is recorded in server logs. If an attacker impersonating an authorized admin accesses these server logs, they gain access to the customer data. The amount of leaked confidential data, however, is extremely limited, and the attacker has no control over what data is leaked.
History
Tue, 10 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Tue, 10 Dec 2024 00:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Webservice API endpoints for the Assisted Service Module within SAP Commerce Cloud have an information disclosure vulnerability. When an authorized agent searches for a customer to manage their accounts, the request URL includes customer data, which is recorded in server logs. If an attacker impersonating an authorized admin accesses these server logs, they gain access to the customer data. The amount of leaked confidential data, however, is extremely limited, and the attacker has no control over what data is leaked. | |
Title | Information Disclosure vulnerability in SAP Commerce Cloud | |
Weaknesses | CWE-319 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: sap
Published: 2024-12-10T00:11:49.563Z
Updated: 2024-12-10T17:14:39.791Z
Reserved: 2024-09-27T20:05:49.543Z
Link: CVE-2024-47577
Vulnrichment
Updated: 2024-12-10T15:41:49.830Z
NVD
Status: Received
Published: 2024-12-10T01:15:05.500
Modified: 2024-12-10T01:15:05.500
Link: CVE-2024-47577
Redhat
No data.