PT-2024-9334 · Sap · Sap Commerce Cloud
Published: 2024-12-10 · Updated: 2024-12-10 · CVE-2024-47577
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
SAP Commerce Cloud (affected versions not specified)
Description:
The issue is an information disclosure vulnerability in the Webservice API endpoints for the Assisted Service Module within SAP Commerce Cloud. When an authorized agent searches for a customer to manage their accounts, the request URL includes customer data, which is recorded in server logs. If an attacker impersonating an authorized admin accesses these server logs, they can read the customer data. However, the amount of leaked confidential data is extremely limited, and the attacker has no control over what data is leaked.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration:
Cleartext Transmission of Sensitive Information
Affected Products:
Sap Commerce Cloud