4 matches found
CVE-2025-24875
SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None SameSite=None. This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues...
CVE-2025-24875
CVE-2025-24875 corresponds to SAP Commerce where the Backoffice authentication cookies are by default configured with SameSite=None. Root cause: cookies set to None, weakening CSRF protections. Impact: CSRF risk with potential confidentiality/integrity concerns; exploitation status not detailed i...
CVE-2025-24875 SameSite Defense in Depth not applied for some cookies in SAP Commerce
SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None SameSite=None. This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues...
CVE-2025-24875 SameSite Defense in Depth not applied for some cookies in SAP Commerce
SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None SameSite=None. This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues...