Vulnerability Information
Vulnerability Title
SameSite Defense in Depth not applied for some cookies in SAP Commerce
Vulnerability Description
SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None (SameSite=None). This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
Cross-Site Request Forgery (CSRF)
Vulnerability Title
SAP Commerce Cross-Site Request Forgery Vulnerability
Vulnerability Description
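SAP Commerce is a cloud-based e-commerce platform from the German company SAP. The product supports sales management, marketing management, order management and operations management. SAP Commerce has a cross-site request forgery vulnerability that stems from improper configuration, which weakens cross-site request forgery defenses and causes compatibility issues.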
CVSS Information
N/A
Vulnerability Type
N/A