CVE-2025-26654 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). As a…
Medium CVSS: 6.8

CVE-2025-26654

SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request before the redirect may be impacted if the client is configured to use HTTP and sends confidential data on the first request before the redirect.
Vendor
-
Product
-
CWE
CWE-319
Yayın Tarihi
2025-04-08 08:15:15
Güncelleme
2025-04-08 18:13:53
Source Identifier
cna@sap.com
KEV Date Added
-

Kategoriler

CWE-319 MEDIUM 2025

Referanslar

https://me.sap.com/notes/3543274 https://url.sap/sapsecuritypatchday