PT-2024-6173 · SAP · SAP Commerce Cloud

Published 2024-08-13 · Updated 2024-09-16 · CVE-2024-33003

CVSS v2.0: 9.4 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud (affected versions not specified)

Description: The issue is related to errors in processing information in the OCC API Endpoint component of SAP Commerce Cloud. This could allow a remote attacker to gain unauthorized access to protected information or impact data integrity. Some OCC API endpoints allow Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a high impact on confidentiality and integrity of the application.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-07093
CVE-2024-33003

Affected Products

SAP Commerce Cloud