CVE-2021-27619 is a vulnerability in SAP Commerce
Published on May 11, 2021

SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are masked, the user can iteratively enter one character at a time to search and determine the masked attribute value thereby leading to information disclosure.

NVD

Products Associated with CVE-2021-27619

Want to know whenever a new CVE is published for SAP Commerce? stack.watch will email you.

SAP Commerce

Affected Versions

SAP SE SAP Commerce (Backoffice Search):

Version < 1808 is affected.
Version < 1811 is affected.
Version < 1905 is affected.
Version < 2005 is affected.
Version < 2011 is affected.

Exploit Probability

EPSS

0.18%

Percentile

39.86%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-27619 is a vulnerability in SAP CommercePublished on May 11, 2021

Products Associated with CVE-2021-27619

Affected Versions

Exploit Probability

CVE-2021-27619 is a vulnerability in SAP Commerce
Published on May 11, 2021