← voltar
CVE-2025-26654

Potential information disclosure vulnerability in SAP Commerce Cloud (Public Cloud)

CVSS 6.8 MEDIUMEPSS 0.2%CWE-319
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
08 abr 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request before the redirect may be impacted if the client is configured to use HTTP and sends confidential data on the first request before the redirect.
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Produtos afetados
SAP_SE · SAP Commerce Cloud (Public Cloud)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://me.sap.com/notes/3543274https://url.sap/sapsecuritypatchday