hybris vulnerabilities and exploits
445
VMScore
CVE-2020-26811
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated malicious user to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request l...
Sap Commerce Cloud (accelerator Payment Mock) 1808
Sap Commerce Cloud (accelerator Payment Mock) 1811
Sap Commerce Cloud (accelerator Payment Mock) 1905
Sap Commerce Cloud (accelerator Payment Mock) 2005
668
VMScore
CVE-2019-0344
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.
Sap Commerce Cloud 6.4
Sap Commerce Cloud 6.6
Sap Commerce Cloud 1808
Sap Commerce Cloud 1811
Sap Commerce Cloud 1905
Sap Commerce Cloud 6.5
Sap Commerce Cloud 6.7
1 Article
445
VMScore
CVE-2019-0322
SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows a malicious user to prevent legitimate users from accessing a service, either by crashing or flooding the service.
Sap Commerce Cloud 6.6
Sap Commerce Cloud 1808
Sap Commerce Cloud 6.3
Sap Commerce Cloud 6.4
Sap Commerce Cloud 6.5
Sap Commerce Cloud 6.7
Sap Commerce Cloud 1811
383
VMScore
CVE-2019-0238
SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Hybris
1 Article
383
VMScore
CVE-2018-2505
SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7).
Sap Hybris 6.2
Sap Hybris 6.4
Sap Hybris 6.5
Sap Hybris 6.6
Sap Hybris 6.3
Sap Hybris 6.7
445
VMScore
CVE-2018-2463
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC.
Sap Hybris
445
VMScore
CVE-2014-8871
Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and previous versions, 5.0.0.3 and previous versions, 5.0.4.4 and previous versions, 5.1.0.1 and previous versions, 5.1.1.2 and previous versions, 5.2.0.3 and previous versions, and 5.3.0.1 and previous v...
Sap Hybris
383
VMScore
CVE-2016-6856
Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris prior to 6.0 allows remote malicious users to inject arbitrary web script or HTML via the itemsperpage parameter.
Sap Hybris
312
VMScore
CVE-2016-6857
Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris prior to 5.2.0.13, 5.3.x prior to 5.3.0.11, 5.4.x prior to 5.4.0.11, 5.5.0.x prior to 5.5.0.10, 5.5.1.x prior to 5.5.1.11, 5.6.x prior to 5.6.0.11, and 5.7.x ...
Sap Hybris
312
VMScore
CVE-2016-6858
Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris prior to 5.0.4.11, 5.1.0.x prior to 5.1.0.11, 5.1.1.x prior to 5.1.1.12, 5.2.0.x and 5.3.0.x prior to 5.3.0.10, 5.4.x prior to 5.4.0.9, 5.5.0.x prior to 5.5.0....
Sap Hybris