What is the severity of CVE-2024-41733?

CVE-2024-41733 has a low severity level as it does not permit unauthorized access to customer data.

How do I fix CVE-2024-41733?

To fix CVE-2024-41733, ensure you are using the latest version of SAP Commerce, specifically updates that address this vulnerability.

What systems are affected by CVE-2024-41733?

CVE-2024-41733 affects SAP Commerce versions com_cloud_2211 and hy_com_2205.

What type of information can be leaked due to CVE-2024-41733?

CVE-2024-41733 allows potential attackers to verify if a specific email is associated with an existing user account.

Is user data exposed in CVE-2024-41733?

No, CVE-2024-41733 does not expose any actual user data beyond the confirmation of an email address being tied to an account.

Vulnerability/
CVE-2024-41733

medium

5.3

CWE

200

13/8/2024

12/9/2024

CVE-2024-41733: Information Disclosure Vulnerability in SAP Commerce

First published: Tue Aug 13 2024(Updated: )

In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the e-mail that they wish to test for. The impact on confidentiality therefore is low and no impact to integrity or availability

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP Commerce Cloud	=com_cloud_2211
SAP Commerce Cloud	=hy_com_2205

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-41733?
CVE-2024-41733 has a low severity level as it does not permit unauthorized access to customer data.
How do I fix CVE-2024-41733?
To fix CVE-2024-41733, ensure you are using the latest version of SAP Commerce, specifically updates that address this vulnerability.
What systems are affected by CVE-2024-41733?
CVE-2024-41733 affects SAP Commerce versions com_cloud_2211 and hy_com_2205.
What type of information can be leaked due to CVE-2024-41733?
CVE-2024-41733 allows potential attackers to verify if a specific email is associated with an existing user account.
Is user data exposed in CVE-2024-41733?
No, CVE-2024-41733 does not expose any actual user data beyond the confirmation of an email address being tied to an account.

agent/title
agent/weakness
agent/references
agent/type
agent/description
agent/first-publish-date
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/softwarecombine
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/sap
canonical/sap commerce cloud
version/sap commerce cloud/com_cloud_2211
version/sap commerce cloud/hy_com_2205

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.