CVE-2024-33003
CVSS V2 None
CVSS V3 None
Description
Some OCC API endpoints in SAP Commerce Cloud
allows Personally Identifiable Information (PII) data, such as passwords, email
addresses, mobile numbers, coupon codes, and voucher codes, to be included in
the request URL as query or path parameters. On successful exploitation, this
could lead to a High impact on confidentiality and integrity of the
application.
Overview
- CVE ID
- CVE-2024-33003
- Assigner
- sap
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-08-13T03:36:55.034Z
- Last Modified Date
- 2024-08-13T03:36:55.034Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://me.sap.com/notes/3459935 | |
| https://url.sap/sapsecuritypatchday |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-33003 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33003 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-08-13 13:07:12 | Added to TrackCVE |