Primary

Context

SAP Commerce Coupon Code Exposure Vulnerability

Vulnerability

A vulnerability exists in SAP Commerce that allows an unauthenticated attacker to access customer coupon codes through the URL parameters of the Coupon Campaign URL. This exposure could enable the attacker to misuse the disclosed coupon codes, resulting in a low impact on the application's confidentiality and integrity.

Impact

Exploitation of this vulnerability could lead to unauthorized access to coupon codes, allowing for their misuse in the application.

Remediation

Users are advised to review and implement the SAP Security Notes available in SAP for Me. These notes contain important security patches and guidance. For details on the SAP Security Patch Day schedule and how to access SAP Security Notes, refer to the SAP Security Notes FAQ.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.3

exploitability

7.6

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.3

exploitability

7.6

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP Commerce Coupon Code Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

SAP Commerce

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating