Vulnerabilities > SAP > Commerce > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-11 CVE-2022-41204 Open Redirect vulnerability in SAP Commerce
An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL.
network
low complexity
sap CWE-601
8.8
2020-09-09 CVE-2020-6302 Unspecified vulnerability in SAP Commerce
SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially.
network
low complexity
sap
7.5
2020-06-09 CVE-2020-6265 Use of Hard-coded Credentials vulnerability in SAP Commerce and Commerce Data HUB
SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials.
network
low complexity
sap CWE-798
7.5