CVE-2024-33003

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-200
View all →

Vulnerability Description

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a High impact on confidentiality and integrity of the application.

Related Vulnerabilities

CVE-2010-2783

CRITICAL
CVSS:9.1(Critical)

IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services.

CWE-2002010

CVE-2015-2254

CRITICAL
CVSS:9.1(Critical)

Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compro...

CWE-2002015

CVE-2015-5041

CRITICAL
CVSS:9.1(Critical)

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject d...

CWE-2002015

CVE-2016-0903

CRITICAL
CVSS:9.1(Critical)

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data v...

CWE-2002016

CVE-2016-3312

CRITICAL
CVSS:9.1(Critical)

ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Infor...

CWE-2002016

CVE-2017-0879

CRITICAL
CVSS:9.1(Critical)

An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028.

CWE-2002017