漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
SameSite Defense in Depth not applied for some cookies in SAP Commerce
Vulnerability Description
SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None (SameSite=None). This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
SAP Commerce 跨站请求伪造漏洞
Vulnerability Description
SAP Commerce是德国思爱普(SAP)公司的一套基于云的电子商务平台。该产支持销售管理、营销管理、订单管理和运营管理等。 SAP Commerce存在跨站请求伪造漏洞,该漏洞源于存在配置不当,会导致跨站请求伪造防御减弱及兼容性问题。
CVSS Information
N/A
Vulnerability Type
N/A