Information Disclosure vulnerability in SAP Commerce Cloud_CVE-2026-24321

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This vulnerability has a low impact on confidentiality and does not affect integrity and availability.

Basic Information

ID CVE-2026-24321

Source sap

Published Feb 10, 2026 at 03:03

Affected Product

Vendor SAP_SE

Product SAP Commerce Cloud

Version HY_COM 2205

Affected Versions SAP_SE SAP Commerce Cloud HY_COM 2205
SAP_SE SAP Commerce Cloud COM_CLOUD 2211
SAP_SE SAP Commerce Cloud 2211-JDK21

CWE Classification

CWE-359

References

{
    "lastseen": "",
    "description": "SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This vulnerability has a low impact on confidentiality and does not affect integrity and availability.",
    "published": "2026-02-10T03:03:52.708Z",
    "modified": "2026-02-10T03:03:52.708Z",
    "type": "cve",
    "title": "Information Disclosure vulnerability in SAP Commerce Cloud",
    "source": "sap",
    "references": "https://me.sap.com/notes/3687771\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2026-24321",
    "bulletinFamily": "",
    "cwe": [
        "CWE-359"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP Commerce Cloud HY_COM 2205\nSAP_SE SAP Commerce Cloud COM_CLOUD 2211\nSAP_SE SAP Commerce Cloud 2211-JDK21",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP Commerce Cloud",
    "version": "HY_COM 2205",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}