CVE-2022-41204

Summary

An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Commerce1905affected
SAP SESAP Commerce2005affected
SAP SESAP Commerce2105affected
SAP SESAP Commerce2011affected
SAP SESAP Commerce2205affected

Weaknesses

  • CWE-601: CWE-601

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References