CVE-2024-33003: Information Disclosure Vulnerability in SAP Commerce Cloud

First published: Tue Aug 13 2024(Updated: )

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a High impact on confidentiality and integrity of the application.

Credit: cna@sap.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/weakness
• agent/title
• agent/type
• agent/first-publish-date
• agent/description
• agent/author
• collector/mitre-cve
• source/MITRE
• agent/references
• collector/the-register
• source/The Register
• alias/CVE-2024-43491
• alias/CVE-2024-38216
• alias/CVE-2024-38220
• alias/CVE-2024-38194
• alias/CVE-2024-38188
• alias/CVE-2024-43470
• alias/CVE-2024-43469
• alias/CVE-2024-38018
• alias/CVE-2024-43464
• alias/CVE-2024-38119
• alias/CVE-2024-24968
• alias/CVE-2024-23984
• alias/CVE-2024-41730
• alias/CVE-2024-33003
• alias/CVE-2024-7889
• alias/CVE-2024-7890
• alias/CVE-2024-8190
• collector/nvd-api
• source/NVD
• agent/software-canonical-lookup
• agent/severity
• agent/last-modified-date
• agent/softwarecombine
• agent/event
• agent/tags
• agent/trending
• vendor/sap
• canonical/sap commerce cloud
• version/sap commerce cloud/1811
• version/sap commerce cloud/1905
• version/sap commerce cloud/2005
• version/sap commerce cloud/2011
• version/sap commerce cloud/2105
• version/sap commerce cloud/2205
• version/sap commerce cloud/com_cloud_2211
• version/sap commerce cloud/hy_com_1808