CVE-2026-44761
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data. Successful exploitation results in high impact on confidentiality and integrity, with no impact on availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Commerce Cloud | HY_COM 2205 | affected |
| SAP_SE | SAP Commerce Cloud | COM_CLOUD 2211 | affected |
| SAP_SE | SAP Commerce Cloud | 2211-JDK21 | affected |
Weaknesses
- CWE-1392: CWE-1392: Use of Default Credentials
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.