Overview
An update has been released to address vulnerabilities in the SAP products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-33003
SAP Commerce Cloud
- HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205 versions
- COM_CLOUD 2211 version
Resolved Vulnerabilities
Vulnerability in some OCC API endpoints in SAP Commerce Cloud that allows personally identifiable information (PII) data, such as passwords, email addresses, cell phone numbers, coupon codes, and voucher codes, to be included in the request URL as a query or path parameter (CVE-2024-33003)
Vulnerability Patches
The following product-specific Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
CVE-2024-33003
- See Referenced Sites[2] to update
References
[1] CVE-2024-33003 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-33003
[2] sap/notes/3459935
https://me.sap.com/notes/3459935
Article Link: SAP Product Security Update Advisory (CVE-2024-33003) – ASEC