CVE-2021-27619

Description

SAP Commerce (Backoffice Search), versions 1808, 1811, 1905, 2005 and 2011, allows a low-privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time in the search and so determine the masked attribute value, leading to information disclosure.

Risk Information

Base Score: 6.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.184

Associated Vulnerability

Vulnerability | OS Platform
Multiple Vulnerabilities are affected in SAP Commerce 1808 | Windows
Multiple Vulnerabilities are affected in SAP Commerce 1811 | Windows
Multiple Vulnerabilities are affected in SAP Commerce 1905 | Windows
Multiple Vulnerabilities are affected in SAP Commerce 2005 | Windows
Multiple Vulnerabilities are affected in SAP Commerce 2011 | Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234