mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
121 lines
4.6 KiB
JSON
121 lines
4.6 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-33003",
|
|
"ASSIGNER": "cna@sap.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Some OCC API endpoints in SAP Commerce Cloud\nallows Personally Identifiable Information (PII) data, such as passwords, email\naddresses, mobile numbers, coupon codes, and voucher codes, to be included in\nthe request URL as query or path parameters. On successful exploitation, this\ncould lead to a High impact on confidentiality and integrity of the\napplication."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
|
|
"cweId": "CWE-200"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "SAP_SE",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "SAP Commerce Cloud",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "HY_COM 1808"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1811"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1905"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2005"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2105"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2011"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2205"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "COM_CLOUD 2211"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://me.sap.com/notes/3459935",
|
|
"refsource": "MISC",
|
|
"name": "https://me.sap.com/notes/3459935"
|
|
},
|
|
{
|
|
"url": "https://url.sap/sapsecuritypatchday",
|
|
"refsource": "MISC",
|
|
"name": "https://url.sap/sapsecuritypatchday"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.2.0"
|
|
},
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 7.4,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |