PT-2024-28548 · Sap · Sap Commerce

Published: 2024-07-08 · Updated: 2024-07-10 · CVE-2024-39597

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: SAP Commerce (affected versions not specified)

Description: A user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registration is activated, without requiring the merchant to approve the account beforehand. If the site is not configured as an isolated site, this can also grant access to other non-isolated early login sites, even if registration is not enabled for those other sites.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Authorization

Related Identifiers: CVE-2024-39597

Affected Products: Sap Commerce