Product:

Commerce_cloud

(Sap)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 16
Date Id Summary Products Score Patch Annotated
2020-10-15 CVE-2020-6272 SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited, resulting in Cross-Site Scripting (XSS) vulnerability. Commerce_cloud 5.4
2020-04-14 CVE-2020-6232 SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check. This affects confidentiality of secure media. Commerce_cloud N/A
2020-03-10 CVE-2020-6201 The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting. Commerce_cloud N/A
2020-03-10 CVE-2020-6200 The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811, is vulnerable to client-side angularjs template injection, a variant of Cross-Site-Scripting (XSS) that exploits the templating facilities of the angular framework. Commerce_cloud N/A
2019-08-14 CVE-2019-0343 SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. Commerce_cloud 8.8
2019-07-10 CVE-2019-0322 SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Commerce_cloud 7.5