CVE-2026-24311
Insecure Data Modification in SAP Customer Checkout Affecting Confidentiality
Publication date: 2026-03-10
Last updated on: 2026-03-10
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | customer_checkout | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the SAP Customer Checkout application involves the local storage of operational data using reversible protection mechanisms. This means that the data stored locally can be accessed and potentially modified by a user. When a user interacts with the system, these modifications can occur without proper validation, which may lead to changes in the system's behavior during startup.
How can this vulnerability impact me? :
This vulnerability can have a high impact on the confidentiality and integrity of the SAP Customer Checkout application. Unauthorized modifications to operational data could alter system behavior, potentially leading to compromised data confidentiality and integrity. The impact on availability is considered low.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know