CVE-2024-39597

HIGH Year: 2024
CVSS v3 Score
7.2
High
Weakness Type
CWE-285
View all →

Vulnerability Description

In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registration is activated, without requiring the merchant to approve the account beforehand. If the site is not configured as isolated site, this can also grant access to other non-isolated early login sites, even if registration is not enabled for those other sites.

Related Vulnerabilities

CVE-2015-3656

HIGH
CVSS:7.2(High)

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authoriz...

CWE-2852015

CVE-2016-10848

HIGH
CVSS:7.2(High)

cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81).

CWE-2852016

CVE-2017-12160

HIGH
CVSS:7.2(High)

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission rev...

CWE-2852017

CVE-2017-8777

HIGH
CVSS:7.2(High)

Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization.

CWE-2852017

CVE-2018-14666

HIGH
CVSS:7.2(High)

An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organizat...

CWE-2852018

CVE-2019-1859

HIGH
CVSS:7.2(High)

A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to passwo...

CWE-2852019