Commerce Cloud

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-24321 MEDIUM This Month

SAP Commerce Cloud contains unauthenticated API endpoints that expose sensitive information not intended for public access, enabling remote attackers to retrieve confidential data without authentication. The vulnerability has limited impact on confidentiality with no effect on system integrity or availability. No patch is currently available for affected Commerce Cloud deployments.

Sap Commerce Cloud
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-23684 MEDIUM This Month

Commerce Cloud versions up to 2205 contains a vulnerability that allows attackers to a cart entry being created with erroneous product value which could be checked o (CVSS 5.9).

Sap Race Condition Commerce Cloud
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-24321
EPSS 0% CVSS 5.3
MEDIUM This Month

SAP Commerce Cloud contains unauthenticated API endpoints that expose sensitive information not intended for public access, enabling remote attackers to retrieve confidential data without authentication. The vulnerability has limited impact on confidentiality with no effect on system integrity or availability. No patch is currently available for affected Commerce Cloud deployments.

Sap Commerce Cloud
NVD
CVE-2026-23684
EPSS 0% CVSS 5.9
MEDIUM This Month

Commerce Cloud versions up to 2205 contains a vulnerability that allows attackers to a cart entry being created with erroneous product value which could be checked o (CVSS 5.9).

Sap Race Condition Commerce Cloud
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy