SAP Product Security Update Advisory (CVE-2024-33003)

Overview

 

An update has been released to address vulnerabilities in the SAP products. Users of the affected versions are advised to update to the latest version.

Affected Products

 

CVE-2024-33003

SAP Commerce Cloud

  • HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205 versions
  • COM_CLOUD 2211 version

 

Resolved Vulnerabilities

 

Vulnerability in some OCC API endpoints in SAP Commerce Cloud that allows personally identifiable information (PII) data, such as passwords, email addresses, cell phone numbers, coupon codes, and voucher codes, to be included in the request URL as a query or path parameter (CVE-2024-33003)

 

Vulnerability Patches

 

The following product-specific Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-33003

  • See Referenced Sites[2] to update

 

 

References

 

[1] CVE-2024-33003 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-33003

[2] sap/notes/3459935

https://me.sap.com/notes/3459935

Article Link: SAP Product Security Update Advisory (CVE-2024-33003) – ASEC