Lucene search
K

4 matches found

NVD
NVD
added 2025/02/11 1:15 a.m.7 views

CVE-2025-24875

SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None SameSite=None. This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues...

6.8CVSS0.00169EPSS
Exploits0References2
CVE
CVE
added 2025/02/11 12:37 a.m.64 views

CVE-2025-24875

CVE-2025-24875 corresponds to SAP Commerce where the Backoffice authentication cookies are by default configured with SameSite=None. Root cause: cookies set to None, weakening CSRF protections. Impact: CSRF risk with potential confidentiality/integrity concerns; exploitation status not detailed i...

6.8CVSS6.7AI score0.00169EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/11 12:37 a.m.12 views

CVE-2025-24875 SameSite Defense in Depth not applied for some cookies in SAP Commerce

SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None SameSite=None. This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues...

6.8CVSS0.00169EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/11 12:37 a.m.5 views

CVE-2025-24875 SameSite Defense in Depth not applied for some cookies in SAP Commerce

SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None SameSite=None. This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues...

6.8CVSS6.8AI score0.00169EPSS
Exploits0References2
Rows per page
Query Builder