Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2021-27619

SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the masked attribute value thereby leading to information disclosure.

  • Published: May 11, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-27619
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:P/I:N/A:N

No CWE or OWASP classifications available.

Software From Fixed in
sap / commerce 1808 1808.x
sap / commerce 1811 1811.x
sap / commerce 1905 1905.x
sap / commerce 2005 2005.x
sap / commerce 2011 2011.x