Vulnerabilities > CVE-2021-27619 - Unspecified vulnerability in SAP Commerce

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2021-05-11

Updated: 2022-07-12

Summary

SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the masked attribute value thereby leading to information disclosure.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Commerce 1808 SAP Commerce 1811 SAP Commerce 1905 SAP Commerce 2005 SAP Commerce 2011	5

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655
https://launchpad.support.sap.com/#/notes/3039818