Sap_se Sap Commerce Cloud
7 CVEs affecting Sap_se Sap Commerce Cloud. Latest disclosed: 2026-02-10. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-42481 | High | 8.1 | 2023-12-12 | In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM 2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten pas… |
| CVE-2024-33003 | High | 7.4 | 2024-08-13 | Some OCC API endpoints in SAP Commerce Cloud allow Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon… |
| CVE-2026-23684 | Medium | 5.9 | 2026-02-10 | A race condition vulnerability exists in SAP Commerce Cloud. Because of this, when an attacker adds products to a cart, it may result in a cart entry being… |
| CVE-2026-24321 | Medium | 5.3 | 2026-02-10 | SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive info… |
| CVE-2025-42906 | Medium | 5.3 | 2025-10-14 | SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses wh… |
| CVE-2025-27435 | Medium | 4.2 | 2025-04-08 | Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaig… |
| CVE-2024-47577 | Low | 2.7 | 2024-12-10 | Webservice API endpoints for the Assisted Service Module within SAP Commerce Cloud have an information disclosure vulnerability. When an authorized agent searches for… |