CVE-2024-41733

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/08/2024
Last modified:
12/09/2024

Description

In SAP Commerce, valid user accounts can be<br /> identified during the customer registration and login processes. This allows a<br /> potential attacker to learn if a given e-mail is used for an account, but does<br /> not grant access to any customer data beyond this knowledge. The attacker must<br /> already know the e-mail that they wish to test for. The impact on<br /> confidentiality therefore is low and no impact to integrity or availability

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:sap:commerce:com_cloud_2211:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce:hy_com_2205:*:*:*:*:*:*:*