Symptom
- The issue was detected on non-transactional pages, where a lack of rate limiting was found on the email parameter; it applies to all pages of this kind.
- Because no rate limit is enforced, many requests can be sent within a very short time, which can flood the admin account with emails (in this example via the email parameter).
- The issue can lead to API server performance problems, as the repeated requests exhaust API resources such as CPU, storage, and system memory.
- No HTTP 429 (Too Many Requests) error occurs.
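The following is an added example, not SAP's or the composable storefront's own code: a sliding-window rate limiter of the kind a WAF or API gateway could apply in front of non-transactional endpoints that accept an email parameter, so that a burst of requests is answered with HTTP 429 instead of reaching the mail-sending backend. The limit of 5 requests per 60 seconds, the key (client IP plus normalised email) and the sample addresses are assumptions.

```python
from collections import deque

# Added example (not SAP's or Spartacus's code). Limits and key are assumptions.


class EmailEndpointRateLimiter:
    """Allow at most `limit` requests per `window` seconds for each key."""

    def __init__(self, limit: int = 5, window: float = 60.0):
        self.limit = limit
        self.window = window
        self._hits: dict[str, deque] = {}

    def _key(self, client_ip: str, email: str) -> str:
        # Key on client and target address; normalising the email stops
        # trivial case/whitespace variants from getting a fresh bucket.
        return f"{client_ip}|{email.strip().lower()}"

    def check(self, client_ip: str, email: str, now: float) -> tuple[int, dict]:
        """Return (HTTP status, headers) for a request arriving at time `now`."""
        key = self._key(client_ip, email)
        hits = self._hits.setdefault(key, deque())
        # Discard timestamps that have fallen out of the sliding window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            # Oldest hit decides when the next slot frees up.
            retry_after = int(self.window - (now - hits[0])) + 1
            return 429, {"Retry-After": str(retry_after)}
        hits.append(now)
        return 200, {"X-RateLimit-Remaining": str(self.limit - len(hits))}


def simulate_flood(requests: int, spacing: float = 0.01) -> dict[int, int]:
    """Constructed burst: `requests` hits to one address, `spacing` seconds apart."""
    limiter = EmailEndpointRateLimiter(limit=5, window=60.0)
    counts: dict[int, int] = {}
    for i in range(requests):
        status, _ = limiter.check("198.51.100.7", "Admin@example.com", now=i * spacing)
        counts[status] = counts.get(status, 0) + 1
    return counts


if __name__ == "__main__":
    print(simulate_flood(50))  # {200: 5, 429: 45}
```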
Environment
SAP Commerce Cloud Composable Storefront
SAP Commerce Cloud Spartacus
Product
SAP Commerce Cloud, composable storefront all versions
Keywords
DAST security issue, SAP Commerce Cloud, Composable Storefront, rate limiting, Email Parameter, API resources, Web Application Firewall, WAF, non-transactional pages, SPA vulnerabilities, KBA, CEC-SPA, SAP Commerce Cloud Spartacus, Problem
About this page
This is a preview of an SAP Knowledge Base Article. The full version is available on SAP for Me (login required).