CVE-2023-42481
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
CVE-2023-42481 affects multiple versions of SAP Commerce Cloud, including HY_COM 1905, HY_COM 2005, HY_COM 2105, HY_COM 2011, HY_COM 2205, and COM_CLOUD 2211. A security flaw in the system allows a locked B2B user to exploit the forgotten password functionality to regain access to their account, bypassing the intended account lockout mechanism. This vulnerability poses a significant risk to confidentiality and integrity, as unauthorized users may gain access to sensitive information or make unapproved changes to data. The issue arises due to weak access controls in the SAP Commerce Cloud - Composable Storefront.
Affected Products
- SAP Commerce Cloud
Affected Vendors
- SAP SE