CVE-2023-42481
published 2023-12-12CVE-2023-42481: In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten…
high8.1CVSS 3.1
AVNACLPRLUINSUCHIHAN
In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place. This leads to a considerable impact on confidentiality and integrity.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | commerce_cloud | — | — |
| sap_se | sap_commerce_cloud | — | — |
| sap_se | sap_commerce_cloud | — | — |
| sap_se | sap_commerce_cloud | — | — |
| sap_se | sap_commerce_cloud | — | — |
| sap_se | sap_commerce_cloud | — | — |
| sap_se | sap_commerce_cloud | — | — |