Back to CVE List

CVE-2026-44761

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score
9.1 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Vulnerability Description

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data. Successful exploitation results in high impact on confidentiality and integrity, with no impact on availability.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-1392
Source
NVD
Vendor
SAP_SE
Product
SAP Commerce Cloud

External References

Discussion (0)

Add Comment

No comments yet. Be the first!