Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In SAP Commerce, valid user accounts can beidentified during the customer registration and login processes. This allows apotential attacker to learn if a given e-mail is used for an account, but doesnot grant access to any customer data beyond this knowledge. The attacker mustalready know the e-mail that they wish to test for. The impact onconfidentiality therefore is low and no impact to integrity or availability
No PoCs from references.
- https://github.com/fkie-cad/nvd-json-data-feeds