Race condition vulnerability in SAP Commerce Cloud_CVE-2026-23684

5.9 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Description

A race condition vulnerability exists in the SAP Commerce cloud. Because of this when an attacker adds products to a cart, it may result in a cart entry being created with erroneous product value which could be checked out. This leads to high impact on data integrity, with no impact on data confidentiality or availability of the application.

Basic Information

ID CVE-2026-23684

Source sap

Published Feb 10, 2026 at 03:02

Affected Product

Vendor SAP_SE

Product SAP Commerce Cloud

Version HY_COM 2205

Affected Versions SAP_SE SAP Commerce Cloud HY_COM 2205
SAP_SE SAP Commerce Cloud COM_CLOUD 2211
SAP_SE SAP Commerce Cloud 2211-JDK21

CWE Classification

CWE-366

References

{
    "lastseen": "",
    "description": "A race condition vulnerability exists in the SAP Commerce cloud. Because of this when an attacker adds products to a cart, it may result in a cart entry being created with erroneous product value which could be checked out. This leads to high impact on data integrity, with no impact on data confidentiality or availability of the application.",
    "published": "2026-02-10T03:02:14.829Z",
    "modified": "2026-02-10T03:02:14.829Z",
    "type": "cve",
    "title": "Race condition vulnerability in SAP Commerce Cloud",
    "source": "sap",
    "references": "https://me.sap.com/notes/3689543\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2026-23684",
    "bulletinFamily": "",
    "cwe": [
        "CWE-366"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP Commerce Cloud HY_COM 2205\nSAP_SE SAP Commerce Cloud COM_CLOUD 2211\nSAP_SE SAP Commerce Cloud 2211-JDK21",
    "sourceHref": "",
    "cvss": {
        "score": 5.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP Commerce Cloud",
    "version": "HY_COM 2205",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}