Vulnerabilities > SAP > Commerce > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-11 CVE-2022-41204 Open Redirect vulnerability in SAP Commerce
An attacker can change the content of an SAP Commerce (versions 1905, 2005, 2105, 2011, 2205) login page through a manipulated URL.
network
low complexity
sap CWE-601
8.8
2021-11-10 CVE-2021-40502 Missing Authorization vulnerability in SAP Commerce
SAP Commerce (versions 2105.3, 2011.13, 2005.18, 1905.34) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
8.8
2020-09-09 CVE-2020-6302 Unspecified vulnerability in SAP Commerce
SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contain the jSession ID in the backoffice URL when the application is loaded initially.
network
high complexity
sap
8.1
2020-06-10 CVE-2020-6264 Unspecified vulnerability in SAP Commerce
SAP Commerce (versions 6.7, 1808, 1811, 1905) may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure.
network
low complexity
sap
7.5