Skip to main content

Commerce Hycom

2 CVEs product

Monthly

CVE-2023-39439 CRITICAL Act Now

SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Commerce Cloud Commerce Hycom
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-37486 HIGH This Week

Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Commerce Cloud Commerce Hycom
NVD
CVSS 3.1
7.5
EPSS
0.4%
EPSS 1% CVSS 9.8
CRITICAL Act Now

SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Commerce Cloud +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Commerce Cloud +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy