CVE-2023-42481

8.1 HIGH

📋 TL;DR

This vulnerability allows a B2B user whose account has been locked in SAP Commerce Cloud to bypass that lock through the forgotten password functionality when Composable Storefront is used as the storefront. The locked user can regain access to the account despite the lock, compromising confidentiality and integrity. Only specific versions of SAP Commerce Cloud deployed with Composable Storefront are affected.

💻 Affected Systems

Products:
  • SAP Commerce Cloud
Versions: HY_COM 1905, HY_COM 2005, HY_COM 2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211
Operating Systems: Not OS-specific
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when using SAP Commerce Cloud - Composable Storefront as the storefront.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Locked malicious users regain full account access, potentially leading to unauthorized data access, privilege escalation, or business logic manipulation.

🟠 Likely Case

Locked users bypass security controls to regain account access, enabling unauthorized actions within their original permissions.

🟢 If Mitigated

Proper access controls prevent account reactivation, maintaining account lock integrity with minimal impact.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a locked B2B user account and access to the forgotten password functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply SAP Note 3394567

Vendor Advisory: https://me.sap.com/notes/3394567

Restart Required: Yes

Instructions:

1. Access SAP Note 3394567.
2. Apply the provided security patch.
3. Restart SAP Commerce Cloud services.
4. Verify the fix.

🔧 Temporary Workarounds

Disable Forgotten Password for B2B Users

Applies to: all

Temporarily disable the forgotten password functionality for B2B user accounts to prevent exploitation.

How: Configure via the SAP Commerce Cloud administration console.

Implement Additional Access Controls

Applies to: all

Add custom validation to check account lock status before processing forgotten password requests.

How: Implement as a custom extension in SAP Commerce Cloud.
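The following is an added illustration of the second workaround, not SAP Commerce Cloud code and not SAP's fix. It models a forgotten-password flow against a toy in-memory user store and places the vulnerable pattern (the reset flow ignores the lock flag and clears it as a side effect, which is how a locked account gets reactivated) beside the hardened pattern (lock status is checked before a reset token is issued, and completing a reset never clears the lock). All names (User, WeakResetService, HardenedResetService, reset_then_login) are hypothetical.

```python
"""Lock-status check in a forgotten-password flow (illustrative, not SAP code)."""
from dataclasses import dataclass, field
import hashlib
import hmac
import secrets


@dataclass
class User:
    uid: str
    password_hash: str
    locked: bool = False            # set by an administrator or by lockout policy
    reset_tokens: set = field(default_factory=set)


def hash_password(pw: str) -> str:
    # Toy hash for the example only; a real system uses a slow KDF (bcrypt, argon2).
    return hashlib.sha256(pw.encode()).hexdigest()


class WeakResetService:
    """Vulnerable pattern: login enforces the lock, but the reset flow never
    consults it and clears it on completion, so a locked user can request a
    token, set a new password and log in again."""

    def __init__(self, users):
        self.users = users

    def request_reset(self, uid):
        token = secrets.token_urlsafe(16)
        self.users[uid].reset_tokens.add(token)
        return token

    def complete_reset(self, uid, token, new_pw):
        user = self.users[uid]
        if token not in user.reset_tokens:
            return False
        user.reset_tokens.discard(token)
        user.password_hash = hash_password(new_pw)
        user.locked = False          # the lock is silently cleared: account reactivated
        return True

    def login(self, uid, pw):
        user = self.users[uid]
        if user.locked:
            return False
        return hmac.compare_digest(user.password_hash, hash_password(pw))


class HardenedResetService(WeakResetService):
    """Hardened pattern: refuse to start or finish a reset for a locked
    account, and never touch the lock flag as a side effect of a reset."""

    def request_reset(self, uid):
        if self.users[uid].locked:
            return None              # no token; behave as for an unknown account
        return super().request_reset(uid)

    def complete_reset(self, uid, token, new_pw):
        user = self.users[uid]
        if user.locked or token not in user.reset_tokens:
            return False
        user.reset_tokens.discard(token)
        user.password_hash = hash_password(new_pw)   # lock flag left untouched
        return True


def reset_then_login(service_cls, locked: bool) -> bool:
    """Scenario: a user (locked or not) walks through forgotten-password.
    Returns True if they can log in with the new password afterwards."""
    users = {"buyer1": User("buyer1", hash_password("old-secret"), locked=locked)}
    svc = service_cls(users)
    token = svc.request_reset("buyer1")
    if token is None or not svc.complete_reset("buyer1", token, "new-secret"):
        return False
    return svc.login("buyer1", "new-secret")


if __name__ == "__main__":
    print("weak, locked user regains access:    ", reset_then_login(WeakResetService, locked=True))
    print("hardened, locked user regains access:", reset_then_login(HardenedResetService, locked=True))
    print("hardened, unlocked user still resets:", reset_then_login(HardenedResetService, locked=False))
```

The check belongs at both ends of the flow: refusing to issue a token is what a storefront sees, but refusing to complete a reset for a locked account also covers tokens issued before the lock was applied.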

🧯 If You Can't Patch

  • Monitor and audit B2B user account unlock activities for suspicious patterns.
  • Implement network segmentation to limit access to vulnerable systems.

🔍 How to Verify

Check if Vulnerable:

Confirm that you run an affected SAP Commerce Cloud version with Composable Storefront as the storefront, then test with a dedicated test account whether a locked B2B user can regain access via the forgotten password flow.

Check Version:

Check SAP Commerce Cloud version via administration console or system logs.

Verify Fix Applied:

After applying SAP Note 3394567, verify that locked B2B users cannot regain access through forgotten password functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual password reset requests from locked B2B user accounts
  • Account unlock events without proper authorization

Network Indicators:

  • Increased traffic to password reset endpoints from locked accounts

SIEM Query:

Search for 'password reset' AND 'locked account' in SAP Commerce Cloud logs.
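As an added example of the log indicators above, not taken from the advisory and not SAP Commerce Cloud's actual log format, the snippet below runs the two checks over constructed key=value audit lines: forgotten-password activity on an account that is currently locked, and unlock events whose actor is not an authorised administrator. The event names, the `admin.` actor convention and the sample lines are all constructed for the example.

```python
"""Detection over constructed audit lines (illustrative; not SAP's log format)."""
import re
from typing import Dict, Iterable, List

# Constructed sample audit log standing in for a SIEM export; not real SAP output.
SAMPLE_LOG = """\
2023-09-12T09:58:00Z event=account.locked uid=buyer1 actor=admin.jane
2023-09-12T10:01:02Z event=password.reset.requested uid=buyer1 src=203.0.113.5
2023-09-12T10:01:40Z event=password.reset.completed uid=buyer1 src=203.0.113.5
2023-09-12T10:01:41Z event=account.unlocked uid=buyer1 actor=system
2023-09-12T10:05:00Z event=password.reset.requested uid=buyer2 src=198.51.100.7
2023-09-12T10:06:00Z event=account.unlocked uid=buyer3 actor=admin.jane
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")
RESET_EVENTS = {"password.reset.requested", "password.reset.completed"}
AUTHORISED_ACTOR_PREFIX = "admin."   # hypothetical naming convention for admin accounts


def parse_line(line: str) -> Dict[str, str]:
    """Split '<timestamp> k=v k=v ...' into a dict; returns {} for junk lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return {}
    fields = dict(tok.split("=", 1) for tok in m.group("kv").split() if "=" in tok)
    fields["ts"] = m.group("ts")
    return fields


def detect(log_text: str, initially_locked: Iterable[str] = ()) -> List[str]:
    """Track lock state from lock/unlock events and flag (a) reset activity on a
    locked account and (b) unlocks not performed by an authorised actor.
    `initially_locked` seeds the state for locks applied before the log window."""
    locked = set(initially_locked)
    findings: List[str] = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if not ev:
            continue
        kind, uid = ev.get("event"), ev.get("uid")
        if kind == "account.locked":
            locked.add(uid)
        elif kind == "account.unlocked":
            actor = ev.get("actor", "")
            if not actor.startswith(AUTHORISED_ACTOR_PREFIX):
                findings.append(f"{ev['ts']} unlock of {uid} by unauthorised actor {actor!r}")
            locked.discard(uid)
        elif kind in RESET_EVENTS and uid in locked:
            findings.append(f"{ev['ts']} {kind} for locked account {uid} from {ev.get('src', '?')}")
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

Lock state that predates the log window is the usual gap in this kind of correlation; seed it from the user directory (the `initially_locked` argument here) rather than relying on lock events being present in the same export.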

🔗 References

  • SAP Note 3394567: https://me.sap.com/notes/3394567