CVE-2024-33003 Information

Description

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data such as passwords email addresses mobile numbers coupon codes and voucher codes to be included in the request URL as query or path parameters. On successful exploitation this could lead to a High impact on confidentiality and integrity of the application.

Reference

https://me.sap.com/notes/3459935 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday