CVE-2024-41733

Severity: 5.3 MEDIUM
EPSS: 0.5% (top 32.76%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 13

Description

In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn whether a given e-mail address is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the e-mail address that they wish to test. The impact on confidentiality is therefore low, and there is no impact on integrity or availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

NVD: sap/commerce: com_cloud_2211, hy_com_2205 (+1)
CVEListV5: sap_se/sap_commerce: COM_CLOUD 2211, HY_COM 2205 (+1)

Vulnerability Details (2)

CVEList: Information Disclosure Vulnerability in SAP Commerce (2024-08-13)
GHSA: GHSA-4x4m-ghmx-6q9w: In SAP Commerce, valid user accounts can be identified during the customer registration and login processes (2024-08-13)