SAP Commerce Cloud Race Condition Vulnerability Leading to Data Integrity Issues

A race condition vulnerability has been identified in SAP Commerce Cloud. This vulnerability allows an attacker to manipulate the product values of items added to a shopping cart, potentially leading to erroneous values being processed at checkout. The issue significantly impacts data integrity, with no effects on data confidentiality or application availability.

Impact

Exploitation of this vulnerability can result in incorrect product values being recorded in shopping carts, which can then be processed during checkout, leading to potential discrepancies in order values or inventory management.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, specifically on the SAP Security Patch Day.