What is the severity of CVE-2024-47577?

CVE-2024-47577 has been rated as a medium severity vulnerability due to its information disclosure nature.

How do I fix CVE-2024-47577?

To fix CVE-2024-47577, apply the recommended patches and updates provided by SAP for Commerce Cloud.

What type of vulnerability is CVE-2024-47577?

CVE-2024-47577 is classified as an information disclosure vulnerability affecting SAP Commerce Cloud.

What information is exposed in CVE-2024-47577?

CVE-2024-47577 exposes customer data through request URLs that are logged on the server.

Vulnerability/
CVE-2024-47577

low

2.7

CWE

319

10/12/2024

CVE-2024-47577: Information Disclosure vulnerability in SAP Commerce Cloud

First published: Tue Dec 10 2024(Updated: )

Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability. When an authorized agent searches for customer to manage their accounts, the request url includes customer data and it is recorded in server logs. If an attacker impersonating as authorized admin visits such server logs, then they get access to the customer data. The amount of leaked confidential data however is extremely limited, and the attacker has no control over what data is leaked.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP Commerce

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-47577?
CVE-2024-47577 has been rated as a medium severity vulnerability due to its information disclosure nature.
How do I fix CVE-2024-47577?
To fix CVE-2024-47577, apply the recommended patches and updates provided by SAP for Commerce Cloud.
What type of vulnerability is CVE-2024-47577?
CVE-2024-47577 is classified as an information disclosure vulnerability affecting SAP Commerce Cloud.
Who is affected by CVE-2024-47577?
Any authorized agent using the Assisted Service Module within SAP Commerce Cloud may be affected by CVE-2024-47577.
What information is exposed in CVE-2024-47577?
CVE-2024-47577 exposes customer data through request URLs that are logged on the server.

agent/references
agent/title
agent/first-publish-date
agent/type
agent/description
collector/nvd-api
source/NVD
agent/weakness
agent/author
agent/severity
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/sap
canonical/sap commerce

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.