Every CVE whose affected-product data names Sap Commerce, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2021-27602 — CVSS 9.9 (critical): SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which…
CVE-2021-21477 — CVSS 9.9 (critical): SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an…
CVE-2021-42064 — CVSS 9.8 (critical): If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP…
CVE-2020-6265 — CVSS 9.8 (critical): SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass…
CVE-2021-40502 — CVSS 8.8 (high): SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user…
CVE-2022-41204 — CVSS 8.8 (high): An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They…
CVE-2020-6302 — CVSS 8.1 (high): SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially…
CVE-2020-6264 — CVSS 7.5 (high): SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise…
CVE-2021-27619 — CVSS 6.5 (medium): SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are…
CVE-2024-41733 — CVSS 5.3 (medium): In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential…