Vulnerabilities > SAP > Commerce > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-11 | CVE-2022-41204 | Open Redirect vulnerability in SAP Commerce An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. | 8.8 |
| 2021-11-10 | CVE-2021-40502 | Missing Authorization vulnerability in SAP Commerce SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2020-09-09 | CVE-2020-6302 | Unspecified vulnerability in SAP Commerce SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. | 8.1 |
| 2020-06-10 | CVE-2020-6264 | Unspecified vulnerability in SAP Commerce SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure. | 7.5 |