CVE-2022-41204
published 2022-10-11CVE-2022-41204: An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | commerce | — | — |
| sap | commerce | — | — |
| sap | commerce | — | — |
| sap | commerce | — | — |
| sap | commerce | — | — |
| sap_se | sap_commerce | — | — |
| sap_se | sap_commerce | — | — |
| sap_se | sap_commerce | — | — |
| sap_se | sap_commerce | — | — |
| sap_se | sap_commerce | — | — |