216.73.217.64

CVE-2024-47577

· Published 10/12/2024 01:15 · Modified 10/12/2024 01:15

Labels: CVE-2024-47577 2024-12-10CVE-2024-47577CWE-319[email protected]

Essential information

Published
10/12/2024 01:15
Modified
10/12/2024 01:15
Author
Creator
CVSS
2.7 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CVSS metrics

Description

Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability. When an authorized agent searches for customer to manage their accounts, the request url includes customer data and it is recorded in server logs. If an attacker impersonating as authorized admin visits such server logs, then they get access to the customer data. The amount of leaked confidential data however is extremely limited, and the attacker has no control over what data is leaked.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References