SAP Commerce SameSite Cookie Vulnerability in Authentication Cookies

Vulnerability

A vulnerability exists in SAP Commerce because certain cookies, including the authentication cookies used by SAP Commerce Backoffice, are set with the SameSite attribute configured to None. A cookie with SameSite=None is attached to cross-site requests, so this default weakens the browser-side protection against Cross-Site Request Forgery (CSRF) and may cause compatibility issues in the future.
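The following is an added example, not SAP code or configuration: a small Python audit that parses Set-Cookie headers as a proxy or test client would see them, flags cookies sent with SameSite=None (or with no SameSite at all), and shows the hardened form. Cookie names, paths and the auth-name heuristic are constructed assumptions; nothing below reflects an actual SAP Commerce default. SameSite is defence in depth: even with Lax or Strict, server-side anti-CSRF tokens remain necessary, and moving an existing None cookie to Lax can break legitimate cross-site flows (for example SSO redirects that POST back to the application), so test those paths before changing a production setting.

```python
# Added example (not SAP's code): audit Set-Cookie headers for weak SameSite
# settings and produce the hardened form.  All sample values are constructed.
from dataclasses import dataclass, field
from typing import List, Optional

# Name fragments that suggest a cookie carries session or auth state
# (constructed heuristic; adjust to the application under review).
AUTH_HINTS = ("jsessionid", "session", "auth", "token")


@dataclass
class CookieAudit:
    name: str
    samesite: Optional[str]      # attribute value as sent, None if absent
    secure: bool
    httponly: bool
    findings: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieAudit:
    """Parse one Set-Cookie header value into its security-relevant attributes."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    samesite: Optional[str] = None
    secure = httponly = False
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "samesite":
            samesite = val.strip()
        elif key == "secure":
            secure = True
        elif key == "httponly":
            httponly = True
    return CookieAudit(name.strip(), samesite, secure, httponly)


def audit_set_cookie(header: str) -> CookieAudit:
    """Flag SameSite=None / missing SameSite, and missing flags on auth cookies."""
    c = parse_set_cookie(header)
    looks_auth = any(h in c.name.lower() for h in AUTH_HINTS)
    ss = (c.samesite or "").lower()
    if ss == "none":
        c.findings.append("SameSite=None: sent on cross-site requests, so CSRF "
                          "defence rests entirely on anti-CSRF tokens")
        if not c.secure:
            c.findings.append("SameSite=None without Secure: Chrome rejects "
                              "the cookie")
    elif ss == "":
        c.findings.append("SameSite absent: relies on the browser's default")
    if looks_auth and not c.httponly:
        c.findings.append("auth cookie without HttpOnly: readable by script")
    if looks_auth and not c.secure:
        c.findings.append("auth cookie without Secure: sent over plain HTTP")
    return c


def harden_set_cookie(header: str, samesite: str = "Lax") -> str:
    """Rewrite a Set-Cookie header to carry SameSite=<samesite>, Secure, HttpOnly.

    Lax is a reasonable default for session cookies; use Strict only if no
    top-level navigation from another site needs to arrive authenticated.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    kept = [parts[0]]
    for attr in parts[1:]:
        key = attr.partition("=")[0].strip().lower()
        if key not in ("samesite", "secure", "httponly"):
            kept.append(attr)
    kept += [f"SameSite={samesite}", "Secure", "HttpOnly"]
    return "; ".join(kept)


# Constructed sample headers: a weak session cookie, a hardened one, and a
# non-sensitive preference cookie with no SameSite attribute.
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; SameSite=None",
    "JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        a = audit_set_cookie(h)
        print(f"{a.name}: {a.findings or 'OK'}")
        if a.findings:
            print("  hardened:", harden_set_cookie(h))
```

Run it against headers captured from the Backoffice login response (for example via a browser's network panel or a local intercepting proxy on your own test instance) and compare the output before and after applying the fix from the SAP Security Note.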

Impact

The vulnerability may increase the risk of CSRF attacks against authenticated Backoffice sessions and may cause compatibility issues with future browser versions.

Remediation

Users are advised to review and implement the guidance provided in the corresponding SAP Security Note. SAP Security Patch Day occurs on the second Tuesday of each month, when SAP publishes its important security updates. For more information, consult the SAP Security Notes FAQ.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread          3.4
impact          2.5
exploitability  6.5
remediation     0.0
relevance       0.0
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.