CVE-2023-37486

Summary

Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact on integrity and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Commerce (OCC API)HY_COM 2105affected
SAP_SESAP Commerce (OCC API)HY_COM 2205affected
SAP_SESAP Commerce (OCC API)COM_CLOUD 2211affected

Weaknesses

  • CWE-524: CWE-524: Use of Cache Containing Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References