Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
[CVE-2024-39597] Improper Authorization Checks on Early Login Composable Storefront B2B sites of SAP Commerce
Vulnerability Description
In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registration is activated, without requiring the merchant to approve the account beforehand. If the site is not configured as isolated site, this can also grant access to other non-isolated early login sites, even if registration is not enabled for those other sites.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
授权机制不恰当
Vulnerability Title
SAP Commerce 授权问题漏洞
Vulnerability Description
SAP Commerce是德国思爱普(SAP)公司的一套基于云的电子商务平台。该产支持销售管理、营销管理、订单管理和运营管理等。 SAP Commerce 存在授权问题漏洞,该漏洞源于用户可以滥用忘记密码功能,获得对已激活早期登录和注册的可组合商店B2B网站的访问权限,而无需商家事先批准账户。如果网站未配置为隔离站点,这也可以授予对其他非隔离早期登录站点的访问权限,即使这些其他站点未启用注册。
CVSS Information
N/A
Vulnerability Type
N/A