Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SAP Commerce (SAP Hybris Commerce) by SAP

    CVE-2018-2505 (GCVE-0-2018-2505)

    Vulnerability from cvelistv5 – Published: 2018-12-11 23:00 – Updated: 2024-08-05 04:21
    VLAI
    Summary
    SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7).
    Severity
    No CVSS data available.
    CWE
    • Code Injection
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SAP Commerce (SAP Hybris Commerce) Affected: 6.2
    Affected: 6.3
    Affected: 6.4
    Affected: 6.5
    Affected: 6.6
    Affected: 6.7
    Create a notification for this product.
    Date Public
    2018-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:34.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2711425"
              },
              {
                "name": "106151",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106151"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Commerce (SAP Hybris Commerce)",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.3"
                },
                {
                  "status": "affected",
                  "version": "6.4"
                },
                {
                  "status": "affected",
                  "version": "6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6"
                },
                {
                  "status": "affected",
                  "version": "6.7"
                }
              ]
            }
          ],
          "datePublic": "2018-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2711425"
            },
            {
              "name": "106151",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106151"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2018-2505",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Commerce (SAP Hybris Commerce)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "6.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.3"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.5"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.6"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2711425",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2711425"
                },
                {
                  "name": "106151",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106151"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2018-2505",
        "datePublished": "2018-12-11T23:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:21:34.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2505 (GCVE-0-2018-2505)

    Vulnerability from nvd – Published: 2018-12-11 23:00 – Updated: 2024-08-05 04:21
    VLAI
    Summary
    SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7).
    Severity
    No CVSS data available.
    CWE
    • Code Injection
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SAP Commerce (SAP Hybris Commerce) Affected: 6.2
    Affected: 6.3
    Affected: 6.4
    Affected: 6.5
    Affected: 6.6
    Affected: 6.7
    Create a notification for this product.
    Date Public
    2018-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:34.371Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2711425"
              },
              {
                "name": "106151",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106151"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Commerce (SAP Hybris Commerce)",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2"
                },
                {
                  "status": "affected",
                  "version": "6.3"
                },
                {
                  "status": "affected",
                  "version": "6.4"
                },
                {
                  "status": "affected",
                  "version": "6.5"
                },
                {
                  "status": "affected",
                  "version": "6.6"
                },
                {
                  "status": "affected",
                  "version": "6.7"
                }
              ]
            }
          ],
          "datePublic": "2018-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2711425"
            },
            {
              "name": "106151",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106151"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2018-2505",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Commerce (SAP Hybris Commerce)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "6.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.3"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.5"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.6"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2711425",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2711425"
                },
                {
                  "name": "106151",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106151"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2018-2505",
        "datePublished": "2018-12-11T23:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:21:34.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }