{"cve":{"cve_id":"CVE-2024-33003","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00475,"epss_percentile":0.37315,"epss_as_of":"2026-06-23","description":"Some OCC API endpoints in SAP Commerce Cloud\nallow Personally Identifiable Information (PII) data, such as passwords, email\naddresses, mobile numbers, coupon codes, and voucher codes, to be included in\nthe request URL as query or path parameters. On successful exploitation, this\ncould lead to a High impact on confidentiality and integrity of the\napplication.","published_at":"2024-08-13T03:36:55.034000Z","last_modified_at":null,"cvss_v3_score":7.4,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-200"],"nvd_references":["https://me.sap.com/notes/3459935","https://url.sap/sapsecuritypatchday"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:59:18.546730Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User 
Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-commerce-cloud","product_name":"SAP Commerce Cloud","version_start":"HY_COM 1808","version_start_inclusive":true,"version_end":"HY_COM 1808","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-commerce-cloud:HY_COM 1808:HY_COM 1808"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-commerce-cloud","product_name":"SAP Commerce Cloud","version_start":"1811","version_start_inclusive":true,"version_end":"1811","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-commerce-cloud:1811:1811"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-commerce-cloud","product_name":"SAP Commerce Cloud","version_start":"1905","version_start_inclusive":true,"version_end":"1905","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-commerce-cloud:1905:1905"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-commerce-cloud","product_name":"SAP Commerce Cloud","version_start":"2005","version_start_inclusive":true,"version_end":"2005","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-commerce-cloud:2005:2005"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-commerce-cloud","product_name":"SAP Commerce Cloud","version_start":"2105","version_start_inclusive":true,"version_end":"2105","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-commerce-cloud:2105:2105"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-commerce-cloud","product_name":"SAP Commerce 
Cloud","version_start":"2011","version_start_inclusive":true,"version_end":"2011","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-commerce-cloud:2011:2011"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-commerce-cloud","product_name":"SAP Commerce Cloud","version_start":"2205","version_start_inclusive":true,"version_end":"2205","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-commerce-cloud:2205:2205"},{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-commerce-cloud","product_name":"SAP Commerce Cloud","version_start":"COM_CLOUD 2211","version_start_inclusive":true,"version_end":"COM_CLOUD 2211","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-commerce-cloud:COM_CLOUD 2211:COM_CLOUD 2211"}],"exploit_refs":[],"news":[],"references":[{"url":"https://me.sap.com/notes/3459935","source_type":"MISC","tags":[]},{"url":"https://url.sap/sapsecuritypatchday","source_type":"MISC","tags":["patch"]}],"timeline":[{"type":"published","at":"2024-08-13T03:36:55.034000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:35:40.320843Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:35:40.320843Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:35:40.320843Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:59:18.546730Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:59:18.546730Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:59:18.546730Z","label":"SSVC decision revised","source":"vulnrichment"}]}