CVE-2024-41733 Information

Description

In SAP Commerce valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account but does not grant access to any customer data beyond this knowledge. The attacker must already know the e-mail that they wish to test for. The impact on confidentiality therefore is low and no impact to integrity or availability

Reference

https://me.sap.com/notes/3471450 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday