CVE-2024-33003: Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon…

critical9.1CVSS 3.1

AVNACLPRNUINSUCHIHAN

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a High impact on confidentiality and integrity of the application.

Affected

16 ranges

Vendor	Product	Version range	Fixed in
sap	commerce_cloud	—	—
sap	commerce_cloud	—	—
sap	commerce_cloud	—	—
sap	commerce_cloud	—	—
sap	commerce_cloud	—	—
sap	commerce_cloud	—	—
sap	commerce_cloud	—	—
sap	commerce_cloud	—	—
sap_se	sap_commerce_cloud	—	—
sap_se	sap_commerce_cloud	—	—
sap_se	sap_commerce_cloud	—	—
sap_se	sap_commerce_cloud	—	—
sap_se	sap_commerce_cloud	—	—
sap_se	sap_commerce_cloud	—	—
sap_se	sap_commerce_cloud	—	—
sap_se	sap_commerce_cloud	—	—