SAP Knowledge Base Article - Preview

3525343 - Potential security issue: lack of rate limiting - multiple requests sent in a very short time

Symptom

  • The issue was detected on non-transactional pages, where no rate limiting was applied to the email parameter; it applies to all pages of this kind as well.
  • The issue allows multiple requests to be sent in a very short time, which can flood the admin account with many emails (in this example, via the email parameter).
  • The issue can lead to API server performance problems through exhaustion of API resources such as CPU, storage, and system memory.
  • No HTTP 429 (Too Many Requests) response is returned to throttle the requests.
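As an added illustration (not SAP's code and not part of this KBA), a sliding-window rate limiter for an endpoint that takes an email parameter. It is keyed on both the calling client and the target address, so the admin mailbox cannot be flooded from many clients, and it returns 429 with a Retry-After header once a limit is hit; the limits, function names and sample addresses are assumed. In a composable storefront deployment this logic belongs at the API gateway or WAF, not in the browser-side Spartacus app.

```python
import math
import time
from collections import defaultdict, deque
from typing import Optional


class SlidingWindowLimiter:
    """Allow at most `limit` hits per `key` within any `window_s` seconds."""

    def __init__(self, limit: int, window_s: float) -> None:
        self.limit = limit
        self.window_s = window_s
        self._hits: dict = defaultdict(deque)

    def retry_after(self, key: str, now: float) -> float:
        """Seconds the caller must wait; 0.0 means the request is allowed."""
        q = self._hits[key]
        while q and now - q[0] >= self.window_s:  # drop hits outside the window
            q.popleft()
        if len(q) < self.limit:
            return 0.0
        return self.window_s - (now - q[0])  # time until the oldest hit expires

    def hit(self, key: str, now: float) -> None:
        self._hits[key].append(now)


# Assumed limits for a "send to this email" endpoint: the per-email limit is
# tighter because the target mailbox, not the client, is what gets flooded.
PER_CLIENT = SlidingWindowLimiter(limit=20, window_s=60.0)
PER_EMAIL = SlidingWindowLimiter(limit=3, window_s=600.0)


def handle_email_request(client_ip: str, email: str, now: Optional[float] = None):
    """Return (HTTP status, headers): 202 to accept, 429 when throttled.

    Both buckets are checked before either is charged, so a rejected request
    does not consume the caller's remaining allowance.
    """
    now = time.monotonic() if now is None else now
    checks = [
        (PER_CLIENT, f"ip:{client_ip}"),
        (PER_EMAIL, f"email:{email.strip().lower()}"),  # normalise the target address
    ]
    wait = max(lim.retry_after(key, now) for lim, key in checks)
    if wait > 0:
        return 429, {"Retry-After": str(math.ceil(wait))}
    for lim, key in checks:
        lim.hit(key, now)
    return 202, {}
```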


Environment

SAP Commerce Cloud Composable Storefront
SAP Commerce Cloud Spartacus

Product

SAP Commerce Cloud, composable storefront all versions

Keywords

DAST security issue, SAP Commerce Cloud, Composable Storefront, rate limiting, Email Parameter, API resources, Web Application Firewall, WAF, non-transactional pages, SPA vulnerabilities, KBA, CEC-SPA, SAP Commerce Cloud Spartacus, Problem
