CVE-2021-27619
published 2021-05-11
medium 6.5 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the masked attribute value thereby leading to information disclosure.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | commerce | — | — |
| sap | commerce | — | — |
| sap | commerce | — | — |
| sap | commerce | — | — |
| sap | commerce | — | — |
| sap_se | sap_commerce | < 1808 | 1808 |
| sap_se | sap_commerce | < 1811 | 1811 |
| sap_se | sap_commerce | < 1905 | 1905 |
| sap_se | sap_commerce | < 2005 | 2005 |
| sap_se | sap_commerce | < 2011 | 2011 |
CVSS provenance
nvd v3.1 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv 9.8 CRITICAL