Description
SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
Low
Affected products
- SAP_SE / SAP Commerce< 6.7 – < 6.7
- SAP_SE / SAP Commerce< 1808 – < 1808
- SAP_SE / SAP Commerce< 1811 – < 1811
- SAP_SE / SAP Commerce< 1905 – < 1905