Hycom2205

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2024-08-13

Updated: 2024-09-12

Summary

In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the e-mail that they wish to test for. The impact on confidentiality therefore is low and no impact to integrity or availability

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Commerce Com_Cloud_2211 SAP Commerce Hy_Com_2205	2

References

https://me.sap.com/notes/3471450
https://url.sap/sapsecuritypatchday