CVE-2022-41204 — HIGH (8.8)

Vulnerability Description

An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sap	Commerce	1905

Related Weaknesses (CWE)

CWE-601

References

https://launchpad.support.sap.com/#/notes/3239152Permissions RequiredVendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
https://launchpad.support.sap.com/#/notes/3239152Permissions RequiredVendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory

FAQ

What is CVE-2022-41204?

CVE-2022-41204 is a vulnerability with a CVSS score of 8.8 (HIGH). An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from ...

How severe is CVE-2022-41204?

CVE-2022-41204 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-41204?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Commerce.