CVE-2024-41733

Name of the Vulnerable Software and Affected Versions SAP Commerce Cloud (affected versions not specified)

Description The issue is related to insufficient protection of service data in SAP Commerce Cloud, allowing a remote attacker to potentially disclose protected information. In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the e-mail that they wish to test for. The impact on confidentiality is low, and there is no impact to integrity or availability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.