← volver
CVE-2025-26654

Potential information disclosure vulnerability in SAP Commerce Cloud (Public Cloud)

CVSS 6.8 MEDIUMEPSS 0.2%CWE-319
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
08 abr 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request before the redirect may be impacted if the client is configured to use HTTP and sends confidential data on the first request before the redirect.
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Productos afectados
SAP_SE · SAP Commerce Cloud (Public Cloud)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://me.sap.com/notes/3543274https://url.sap/sapsecuritypatchday