SAP Commerce Cloud vulnerabilities (medium risk)

DATE        CVE             VULNERABILITY TITLE                                                    RISK
2021-06-09  CVE-2021-33666  Cross-site Scripting vulnerability in SAP Commerce Cloud 100           4.3
  When SAP Commerce Cloud version 100 hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation.
  Attack vector: network | Vendor: sap | CWE-79

2020-11-10  CVE-2020-26809  Incorrect Default Permissions vulnerability in SAP Commerce Cloud      5.0
  SAP Commerce Cloud, versions 1808, 1811, 1905, 2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint, hence gaining access to Secure Media folders.
  Attack vector: network | Attack complexity: low | Vendor: sap | CWE-276

2020-10-15  CVE-2020-6363   Insufficient Session Expiration vulnerability in SAP Commerce Cloud    4.9
  SAP Commerce Cloud, versions 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user.
  Attack vector: network | Vendor: sap | CWE-613

2020-04-14  CVE-2020-6232   Missing Authorization vulnerability in SAP Commerce Cloud 1811/1905    5.0
  SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to a Missing Authorization Check.
  Attack vector: network | Attack complexity: low | Vendor: sap | CWE-862

2020-03-10  CVE-2020-6201   Cross-site Scripting vulnerability in SAP Commerce Cloud               4.3
  SAP Commerce (Testweb Extension), versions 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross-Site Scripting.
  Attack vector: network | Vendor: sap | CWE-79

2019-08-14  CVE-2019-0343   Code Injection vulnerability in SAP Commerce Cloud                     6.5
  SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection.
  Attack vector: network | Attack complexity: low | Vendor: sap | CWE-94

2019-07-10  CVE-2019-0322   Unspecified vulnerability in SAP Commerce Cloud                        5.0
  SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
  Attack vector: network | Attack complexity: low | Vendor: sap