CVE-2024-41733 MEDIUM

CVE-2024-41733: Information Disclosure Vulnerability in SAP Commerce

Vendor Sap_Se
Product SAP Commerce
Weakness CWE-200 · Info exposure
Published August 13, 2024
Last update August 13, 2024
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the e-mail that they wish to test for. The impact on confidentiality therefore is low and no impact to integrity or availability

Key dates

02Disclosure timeline

August 13, 2024 CVE published
August 13, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-4222 Database Toolset <= 1.8.4 - Unauthenticated Sensitive Information Exposure via Backup Files CVE-2023-52234 WordPress Booster Elite for WooCommerce plugin < 7.1.2 - Auth. Sensitive Data Exposure vulnerability CVE-2022-41734 IBM Maximo Asset Management information disclosure CVE-2024-34004 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_wiki backup CVE-2024-32967 Zitadel exposes internal database user name and host information