{"vulnerability": "cve-2024-3300", "sightings": [{"uuid": "d7d9e8bd-c160-46db-acfb-758e2f3cf974", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33003", "type": "seen", "source": "https://t.me/cvedetector/2958", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-33003 - SAP Commerce Cloud OCC API Insufficient Data in URL Parameters Information Disclosure and Data Leaking\", \n  \"Content\": \"CVE ID : CVE-2024-33003 \nPublished : Aug. 13, 2024, 4:15 a.m. | 40\u00a0minutes ago \nDescription : Some OCC API endpoints in SAP Commerce Cloud  \nallows Personally Identifiable Information (PII) data, such as passwords, email  \naddresses, mobile numbers, coupon codes, and voucher codes, to be included in  \nthe request URL as query or path parameters. On successful exploitation, this  \ncould lead to a High impact on confidentiality and integrity of the  \napplication. \nSeverity: 7.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T07:04:09.000000Z"}, {"uuid": "971d9866-0e42-4a48-95f3-ccd91355bd30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-3300", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-3300.yaml", "content": "", "creation_timestamp": "2025-04-08T15:02:26.000000Z"}, {"uuid": "30a83a01-d36e-40e3-b593-b8e5927b661b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33005", "type": "seen", "source": "https://t.me/cvedetector/2957", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-33005 - SAP Impersonation Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-33005 \nPublished : Aug. 13, 2024, 4:15 a.m. | 40\u00a0minutes ago \nDescription : Due to the missing authorization checks in the  \nlocal systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application  \nServer (ABAP and Java), and SAP Content Server can impersonate other users and  \nmay perform some unintended actions. This could lead to a low impact on  \nconfidentiality and a high impact on the integrity and availability of the  \napplications. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T07:04:08.000000Z"}, {"uuid": "cce190a0-a01b-4fc9-8933-4a64f1e46616", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-33006", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/414", "content": "\u200aCVE-2024-33006: Critical SAP Vulnerability Exposes Systems to Complete Takeover\n\nhttps://securityonline.info/cve-2024-33006-critical-sap-vulnerability-exposes-systems-to-complete-takeover/", "creation_timestamp": "2024-05-14T17:13:02.000000Z"}]}