CVE-2023-42481

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Dec 12, 2023
Updated: Dec 13, 2023
CWE ID 284

Summary

CVE-2023-42481 affects multiple versions of SAP Commerce Cloud, including HY_COM 1905, HY_COM 2005, HY_COM 2105, HY_COM 2011, HY_COM 2205, and COM_CLOUD 2211. A flaw in the forgotten-password functionality allows a locked B2B user to regain access to their account, bypassing the intended account lockout mechanism. Because a lockout is meant to deny access entirely, the bypass poses a significant risk to confidentiality and integrity: an unauthorized user may read sensitive information or make unapproved changes to data. The issue is caused by weak access controls in the SAP Commerce Cloud - Composable Storefront.
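The advisory describes a classic CWE-284 pattern: the password-reset path does not honour the account's locked state, so a locked user can unlock themselves. The following is an added illustrative example, not SAP Commerce Cloud code; every name (`Account`, `Store`, `request_reset_*`, `complete_reset_*`) is invented. It shows a reset flow that ignores lockout beside a hardened one that checks the lock both when a token is issued and again when it is redeemed, never clears the lock as a side effect, and records the refusal for detection.

```python
"""Toy model of an account-lockout bypass via a forgotten-password flow.

Hypothetical example (not SAP code): demonstrates why a password-reset path
must enforce the same lockout state as the login path.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Account:
    username: str
    password_hash: str
    locked: bool = False  # set by an administrator or by a failed-login policy


@dataclass
class Store:
    accounts: dict = field(default_factory=dict)
    reset_tokens: dict = field(default_factory=dict)  # token -> username
    audit: list = field(default_factory=list)         # constructed audit trail


def _hash(password: str) -> str:
    # Toy hash for illustration only; a real system uses a slow password KDF.
    return hashlib.sha256(password.encode()).hexdigest()


def login(store: Store, username: str, password: str) -> bool:
    """Login denies locked accounts, as a lockout control should."""
    acct = store.accounts.get(username)
    if acct is None or acct.locked:
        return False
    return hmac.compare_digest(acct.password_hash, _hash(password))


# --- Vulnerable flow: reset path ignores the lockout state ---------------------
def request_reset_vulnerable(store: Store, username: str):
    acct = store.accounts.get(username)
    if acct is None:
        return None
    token = secrets.token_urlsafe(16)  # BUG: issued even when acct.locked is True
    store.reset_tokens[token] = username
    return token


def complete_reset_vulnerable(store: Store, token: str, new_password: str) -> bool:
    username = store.reset_tokens.pop(token, None)
    if username is None:
        return False
    acct = store.accounts[username]
    acct.password_hash = _hash(new_password)
    acct.locked = False  # BUG: a self-service reset must never clear a lockout
    return True


# --- Hardened flow: lockout enforced at issuance and at redemption ------------
def request_reset_hardened(store: Store, username: str):
    acct = store.accounts.get(username)
    if acct is None or acct.locked:
        # Same outcome for unknown and locked accounts: no token, nothing revealed.
        store.audit.append(f"reset_refused user={username}")
        return None
    token = secrets.token_urlsafe(16)
    store.reset_tokens[token] = username
    return token


def complete_reset_hardened(store: Store, token: str, new_password: str) -> bool:
    username = store.reset_tokens.pop(token, None)
    if username is None:
        return False
    acct = store.accounts[username]
    if acct.locked:  # re-check: the lock may have been applied after the token was issued
        store.audit.append(f"reset_refused_locked user={username}")
        return False
    acct.password_hash = _hash(new_password)
    # acct.locked is deliberately left untouched; only an admin/policy may clear it.
    return True


def demo() -> dict:
    """Run both flows for a locked user; report whether the lockout was bypassed."""
    results = {}
    for label, request, complete in (
        ("vulnerable", request_reset_vulnerable, complete_reset_vulnerable),
        ("hardened", request_reset_hardened, complete_reset_hardened),
    ):
        store = Store()
        store.accounts["alice"] = Account("alice", _hash("old-secret"), locked=True)
        token = request(store, "alice")
        if token is not None:
            complete(store, token, "new-secret")
        results[label] = login(store, "alice", "new-secret")  # True means bypass
    return results


if __name__ == "__main__":
    print(demo())  # vulnerable flow regains access; hardened flow stays locked
```

The audit entries written by the hardened path are the detection hook: a burst of `reset_refused` events for an account that is currently locked is exactly the signal a storefront operator would want to alert on.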
