Vulmon
hybris vulnerabilities and exploits
4.3
CVSSv2
CVE-2018-2505
SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7).
Sap Hybris 6.2
Sap Hybris 6.4
Sap Hybris 6.5
Sap Hybris 6.6
Sap Hybris 6.3
Sap Hybris 6.7
5
CVSSv2
CVE-2014-8871
Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and previous versions, 5.0.0.3 and previous versions, 5.0.4.4 and previous versions, 5.1.0.1 and previous versions, 5.1.1.2 and previous versions, 5.2.0.3 and previous versions, and 5.3.0.1 and previous v...
Sap Hybris
4.3
CVSSv2
CVE-2016-6856
Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris prior to 6.0 allows remote malicious users to inject arbitrary web script or HTML via the itemsperpage parameter.
Sap Hybris
3.5
CVSSv2
CVE-2016-6858
Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris prior to 5.0.4.11, 5.1.0.x prior to 5.1.0.11, 5.1.1.x prior to 5.1.1.12, 5.2.0.x and 5.3.0.x prior to 5.3.0.10, 5.4.x prior to 5.4.0.9, 5.5.0.x prior to 5.5.0....
Sap Hybris
5
CVSSv2
CVE-2018-2463
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC.
Sap Hybris
4
CVSSv2
CVE-2016-6859
Hybris Management Console (HMC) in SAP Hybris prior to 6.0 allows remote malicious users to obtain sensitive information by triggering an error and then reading a Java stack trace.
Sap Hybris
4.3
CVSSv2
CVE-2019-0238
SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Hybris
1 Article
3.5
CVSSv2
CVE-2016-6857
Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris prior to 5.2.0.13, 5.3.x prior to 5.3.0.11, 5.4.x prior to 5.4.0.11, 5.5.0.x prior to 5.5.0.10, 5.5.1.x prior to 5.5.1.11, 5.6.x prior to 5.6.0.11, and 5.7.x ...
Sap Hybris
5
CVSSv2
CVE-2020-26811
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated malicious user to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request l...
Sap Commerce Cloud (accelerator Payment Mock) 1808
Sap Commerce Cloud (accelerator Payment Mock) 1811
Sap Commerce Cloud (accelerator Payment Mock) 1905
Sap Commerce Cloud (accelerator Payment Mock) 2005
5
CVSSv2
CVE-2019-0322
SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows a malicious user to prevent legitimate users from accessing a service, either by crashing or flooding the service.
Sap Commerce Cloud 6.6
Sap Commerce Cloud 1808
Sap Commerce Cloud 6.3
Sap Commerce Cloud 6.4
Sap Commerce Cloud 6.5
Sap Commerce Cloud 6.7
Sap Commerce Cloud 1811