Skip to main content

Hybris

8 CVEs product

Monthly

CVE-2019-0238 MEDIUM This Month

SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Hybris
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-2505 MEDIUM This Month

SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Hybris
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-2463 HIGH This Week

The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Hybris
NVD
CVSS 3.0
8.6
EPSS
1.6%
CVE-2014-8871 HIGH POC This Week

Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hybris
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2016-6859 MEDIUM This Month

Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Java Hybris
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-6858 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Hybris
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6857 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Hybris
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6856 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Hybris
NVD
CVSS 3.0
6.1
EPSS
0.2%
EPSS 1% CVSS 6.1
MEDIUM This Month

SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Hybris
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Hybris
NVD
EPSS 2% CVSS 8.6
HIGH This Week

The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Hybris
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hybris
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Java +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Hybris
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Hybris
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Hybris
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy