Security Advisory

CVE-2025-24875

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-02-11 00:37:32

Last updated 2025-02-18 18:05:00

Assigner sap

State PUBLISHED

Description

SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None (SameSite=None). This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues.

← Browse all CVEs View on cve.org ↗