PT-2022-25727 · SAP · SAP Commerce

Published

2022-10-11

·

Updated

2025-05-20

·

CVE-2022-41204

CVSS v3.1

8.8

High

Vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SAP Commerce versions 1905 through 2205
Description: An attacker can change the content of the SAP Commerce login page through a manipulated URL. The URL is delivered to a victim (the vector requires user interaction), and the injected content redirects submissions of the affected login form to a server the attacker controls. The victim's credentials are therefore sent to the attacker, who can hijack the account, compromising the confidentiality, integrity and availability of the system.
Recommendations: Apply the SAP security note for CVE-2022-41204 to affected installations (versions 1905 through 2205). Until the fix is deployed, reduce exposure of the login page, for example by restricting it to trusted networks, and instruct users to reach it by typing its address or from a bookmark rather than by following links received in messages, since the attack depends on the victim opening a crafted URL. After patching, verify that a URL parameter can no longer change the login form's target or the post-login redirect.
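The flaw described above belongs to the class in which a value taken from the request URL decides where the login form posts or where the browser is sent next. The following Python is an added example written for this page; it is not SAP Commerce code and does not reproduce the actual SAP parameter or code path. The parameter name next_url, the function names and the constructed hostile inputs are assumptions. It contrasts a form action that trusts the parameter with a validator that accepts only a same-site absolute path, and exercises the spellings (protocol-relative, triple-slash, backslash, percent-encoded, scheme-prefixed) that such a check has to refuse.

```python
"""Added example, not SAP Commerce code: a URL-controlled login form target
and a hardened validator. All names and inputs below are assumptions."""
from html import escape
from urllib.parse import unquote, urlsplit, urlunsplit

DEFAULT_ACTION = "/login"


def vulnerable_form_action(next_url: str) -> str:
    """'Before': the form's action is whatever the request URL supplied.
    A link such as ...?next_url=https://attacker.example/harvest makes the
    victim's browser POST the entered credentials to the attacker's server."""
    return next_url or DEFAULT_ACTION


def safe_form_action(next_url: str, default: str = DEFAULT_ACTION) -> str:
    """'After': only a same-site absolute path is accepted; anything else
    falls back to the default. Conservative by design: a false reject costs
    a harmless fallback, a false accept costs credentials."""
    if not next_url:
        return default
    # Decode one layer so %2F%2F and %5C spellings are judged by what they
    # mean; whatever is still not a plain path after one pass is rejected.
    candidate = unquote(next_url)
    # Whitespace, control characters and backslashes are rejected outright:
    # browsers fold '\' to '/' in http(s) URLs and strip leading controls.
    if any(ord(c) < 0x21 or c == "\\" for c in candidate):
        return default
    # Exactly one leading slash. This refuses scheme-prefixed targets
    # (https://..., javascript:...), protocol-relative //host, and ///host,
    # which browsers also resolve to a foreign host.
    if not candidate.startswith("/") or (len(candidate) > 1 and candidate[1] == "/"):
        return default
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:  # cannot occur after the checks above
        return default
    # Re-assemble path and query only; a fragment never belongs in an action.
    return urlunsplit(("", "", parts.path, parts.query, ""))


def render_login_form(action: str) -> str:
    """Stand-in for the login page template: shows where the value lands."""
    return (
        f'<form method="post" action="{escape(action, quote=True)}">'
        '<input name="username"><input name="password" type="password">'
        "<button>Log in</button></form>"
    )


# Constructed attacker-style inputs a validator of this kind must refuse.
HOSTILE_TARGETS = [
    "https://attacker.example/harvest",
    "//attacker.example/harvest",
    "///attacker.example/harvest",
    "/\\attacker.example/harvest",
    "%2F%2Fattacker.example/harvest",
    "javascript:alert(document.cookie)",
    "/\tattacker.example",
]


def evaluate(targets):
    """Map each candidate target to the action the hardened check yields."""
    return {t: safe_form_action(t) for t in targets}


if __name__ == "__main__":
    attacker = "https://attacker.example/harvest"
    print(render_login_form(vulnerable_form_action(attacker)))  # posts to attacker
    print(render_login_form(safe_form_action(attacker)))        # posts to /login
    for target, result in evaluate(HOSTILE_TARGETS).items():
        print(f"{target!r:40} -> {result}")
```

The check deliberately does not try to allowlist hostnames: a single leading slash with no second slash or backslash leaves the browser no way to interpret the value as anything other than a path on the current origin, which is the property that matters for a form action or post-login redirect.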

Weakness Enumeration

Open Redirect (CWE-601)

Related Identifiers

CVE-2022-41204

Affected Products

SAP Commerce