Sap_se Sap Commerce
4 CVEs affecting Sap_se Sap Commerce. Latest disclosed: 2025-02-11. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-39439 | High | 8.8 | 2023-08-08 | SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase. |
| CVE-2024-39597 | High | 7.2 | 2024-07-09 | In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registrati… |
| CVE-2025-24875 | Medium | 6.8 | 2025-02-11 | SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None (SameSite=None). This includes authentication cookies utilized in… |
| CVE-2024-41733 | Medium | 5.3 | 2024-08-13 | In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a giv… |