How severe is CVE-2023-37486?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2023-37486?

This is classified as CWE-524, which is a common weakness in software security.

CVE-2023-37486

HIGH Year: 2023

CVSS v3 Score

7.5

High

Weakness Type

CWE-524

View all →

Vulnerability Description

Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact on integrity and availability of the application.

CVE-2021-24027

HIGH

CVSS:7.5(High)

A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read ca...

CWE-5242021

CVE-2024-27917

HIGH

CVSS:7.5(High)

Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are ...

CWE-5242024

CVE-2024-45596

HIGH

CVSS:7.4(High)

Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authentication...

CWE-5242024

CVE-2024-12314

HIGH

CVSS:7.2(High)

The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing HTTP headers in the cached data. This makes it possible...

CWE-5242024

CVE-2024-41906

MEDIUM

CVSS:6.5(Medium)

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service....

CWE-5242024