CVE-2021-27619

Published: May 11, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the masked attribute value thereby leading to information disclosure.

Affected (5)

Products: Sap: Commerce

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Sap Commerce	Version 1808
Sap Commerce	Version 1811
Sap Commerce	Version 1905
Sap Commerce	Version 2005
Sap Commerce	Version 2011

References (4)

https://launchpad.support.sap.com/#/notes/3039818

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3039818

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.