SB2026071484 - Use of hard-coded credentials in SAP Commerce Cloud
Published: July 14, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Use of hard-coded credentials (CVE-ID: CVE-2026-44761)
CWE-ID: CWE-798 - Use of Hard-coded Credentials
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Red
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information and modify data.
The vulnerability exists due to use of insecure sample credentials in SAP Commerce Cloud when exposed services are deployed with default credentials. A remote attacker can authenticate with sample credentials to gain unauthorized access to sensitive information and modify data.
Remediation
Install update from vendor's website.