CVE-2018-2463 - Server-Side Request Forgery (SSRF) vulnerability in SAP Hybris
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of the XML parser used in the server-side implementation of OCC.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 8 |
Common Weakness Enumeration (CWE)
References
- http://www.securityfocus.com/bid/105339
- https://launchpad.support.sap.com/#/notes/2680834
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993