Loading
In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place. This leads to a considerable impact on confidentiality and integrity.
Use CWE-640, Sap vendor hub and Commerce Cloud product page to widen CVE-2023-42481 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2020-6238, CVE-2023-39439 and CVE-2024-33003 for nearby disclosures in the same product family. Additional editorial context is available in The Weekly Cybersecurity Brief: February 13th, 2026.