SAP Commerce Clickjacking Vulnerability via Deprecated X-FRAME-OPTIONS Header

Vulnerability

A vulnerability exists in SAP Commerce (Backoffice) due to the use of the outdated X-FRAME-OPTIONS header for clickjacking protection. While this method is currently effective, it may become inadequate in the future as browsers could phase out support for this header in favor of the frame-ancestors Content Security Policy directive. If that occurs, clickjacking could be feasible, potentially leading to the exposure and unauthorized modification of sensitive information.
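The distinction the advisory draws, a response that relies on the legacy X-Frame-Options header alone versus one that also carries the CSP frame-ancestors directive, can be turned into a header audit. The following Python is an added example, not code from the advisory or from SAP: it parses a response's headers, classifies the framing protection it actually provides, and returns the header pair a defender would configure so the protection survives if browsers drop X-Frame-Options. All header values in it are constructed sample data, and the function and category names are this example's own.

```python
"""Audit HTTP response headers for clickjacking (framing) protection.

Added example, not part of the original advisory and not SAP code. It
classifies a response's framing defence the way the advisory describes:
legacy X-Frame-Options only, versus the CSP frame-ancestors directive.
Header values used here are constructed sample data.
"""
from typing import Dict, List, Mapping, Optional


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy value into {directive: [sources]}.

    Directives are ';'-separated; the first token is the directive name,
    the remaining tokens are its sources. Names are case-insensitive, so
    they are lower-cased. On a duplicated directive the first occurrence
    wins, which matches how browsers resolve duplicates.
    """
    policy: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if not tokens:
            continue
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def frame_ancestors(headers: Mapping[str, str]) -> Optional[List[str]]:
    """Return the enforced frame-ancestors source list, or None if absent.

    Header names are matched case-insensitively. Only the enforcing
    Content-Security-Policy header counts; a frame-ancestors directive in
    Content-Security-Policy-Report-Only is reported but never enforced.
    """
    for name, value in headers.items():
        if name.lower() == "content-security-policy":
            policy = parse_csp(value)
            if "frame-ancestors" in policy:
                return policy["frame-ancestors"]
    return None


def x_frame_options(headers: Mapping[str, str]) -> Optional[str]:
    """Return the normalised X-Frame-Options value, or None if absent."""
    for name, value in headers.items():
        if name.lower() == "x-frame-options":
            return value.strip().upper()
    return None


def classify_framing_protection(headers: Mapping[str, str]) -> str:
    """Classify a response's clickjacking defence.

    'csp'         : frame-ancestors is enforced (X-Frame-Options, if any,
                    is only a fallback for older browsers)
    'legacy-only' : the advisory's finding, DENY/SAMEORIGIN with no CSP
                    directive, effective today but dependent on a header
                    browsers may stop honouring
    'ineffective' : X-Frame-Options present but with a value current
                    browsers ignore, such as ALLOW-FROM
    'none'        : no framing protection at all
    """
    if frame_ancestors(headers) is not None:
        return "csp"
    xfo = x_frame_options(headers)
    if xfo in ("DENY", "SAMEORIGIN"):
        return "legacy-only"
    if xfo is not None:
        return "ineffective"
    return "none"


def hardened_headers(allow_same_origin: bool = True) -> Dict[str, str]:
    """Header pair to send: frame-ancestors for current browsers, plus the
    equivalent X-Frame-Options value as a fallback for older ones."""
    if allow_same_origin:
        return {"Content-Security-Policy": "frame-ancestors 'self'",
                "X-Frame-Options": "SAMEORIGIN"}
    return {"Content-Security-Policy": "frame-ancestors 'none'",
            "X-Frame-Options": "DENY"}


if __name__ == "__main__":
    # Constructed sample responses, mirroring the advisory's situation
    # (legacy header only) and the hardened configuration.
    samples = {
        "legacy header only": {"X-Frame-Options": "SAMEORIGIN"},
        "report-only CSP": {"Content-Security-Policy-Report-Only":
                            "frame-ancestors 'none'"},
        "hardened": hardened_headers(allow_same_origin=False),
    }
    for label, hdrs in samples.items():
        print(f"{label:20s} -> {classify_framing_protection(hdrs)}")
```

The audit treats a report-only policy as providing no protection, and an X-Frame-Options value other than DENY or SAMEORIGIN as ineffective, so a response is only rated 'csp' when the directive browsers are converging on is actually enforced; emitting both headers, as `hardened_headers` does, keeps the page protected across old and new browsers alike.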

Impact

Exploitation of this vulnerability could allow clickjacking attacks, leading to the exposure and modification of sensitive information.

Remediation

Users are advised to review and implement the latest SAP Security Notes. For guidance on accessing and applying these security updates, refer to the SAP Security Notes FAQs.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 5.0
exploitability: 6.5
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.