← Retour aux CVEs
CVE-2026-24321
MEDIUM5.3
Description
SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This vulnerability has a low impact on confidentiality and does not affect integrity and availability.
Details CVE
Score CVSS v3.15.3
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie2/10/2026
Derniere modification2/17/2026
Sourcenvd
Observations honeypot0
Produits affectes
sap:commerce_cloud
Faiblesses (CWE)
CWE-359
References
https://me.sap.com/notes/3687771(cna@sap.com)
https://url.sap/sapsecuritypatchday(cna@sap.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.