← voltar
CVE-2025-42906

Directory Traversal vulnerability in SAP Commerce Cloud

CVSS 5.3 MEDIUMEPSS 0.4%CWE-22
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.3EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 out 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configured access restrictions, resulting in a low impact on confidentiality, with no impact on the integrity or availability of the application.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
SAP_SE · SAP Commerce Cloud

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://me.sap.com/notes/3634724https://url.sap/sapsecuritypatchday