3 matches found
CVE-2025-24874
SAP Commerce Backoffice uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. While this protection remains effective now, it may not be the case in the future as browsers might discontinue support for this header in favor of the frame-ancestors CSP directive. Hence,...
CVE-2025-24874
creationtimestamp| type| source ---|---|--- 2025-02-11 01:16:18+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhuida3ra42n 2025-02-11 01:41:20+00:00| seen| https://infosec.exchange/users/cve/statuses/113982706780554563 2025-02-11 03:07:48+00:00| seen|...
CVE-2025-24874 Missing Defense in Depth Against Clickjacking in SAP Commerce Backoffice
SAP Commerce Backoffice uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. While this protection remains effective now, it may not be the case in the future as browsers might discontinue support for this header in favor of the frame-ancestors CSP directive. Hence,...