How severe is CVE-2024-47577?

This vulnerability has a severity rating of LOW with a CVSS score of 2.7 out of 10.

What type of vulnerability is CVE-2024-47577?

This is classified as CWE-319, which is a common weakness in software security.

CVE-2024-47577 - LOW Severity | CVSS 2.7

Vulnerability Description

Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability. When an authorized agent searches for customer to manage their accounts, the request url includes customer data and it is recorded in server logs. If an attacker impersonating as authorized admin visits such server logs, then they get access to the customer data. The amount of leaked confidential data however is extremely limited, and the attacker has no control over what data is leaked.

Related Vulnerabilities

CVE-2020-4969

LOW

CVSS:2.6(Low)

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attac...

CWE-3192020

CVE-2022-0005

LOW

CVSS:2.4(Low)

Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical ac...

CWE-3192022

CVE-2019-10397

LOW

CVSS:3.1(Low)

Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.

CWE-3192019

CVE-2020-13528

LOW

CVSS:3.1(Low)

An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request...

CWE-3192020

CVE-2021-29769

LOW

CVSS:3.1(Low)

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values ...

CWE-3192021

CVE-2024-11946

LOW

CVSS:3.1(Low)

iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update ...

CWE-3192024