Server-Side Request Forgery (SSRF) Vulnerability in SAP Hybris Commerce OCC API

CVE-2018-2463 · MEDIUM Severity

AV:N/AC:L/Au:N/C:P/I:N/A:N

The Omni Commerce Connect (OCC) API of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of the XML parser that is used in the server-side implementation of OCC.