Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-26654

SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request before the redirect may be impacted if the client is configured to use HTTP and sends confidential data on the first request before the redirect.

Published

2025-04-08T08:15:15.903

Last Modified

2025-04-08T18:13:53.347

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-319

Affected Vendors & Products

References

https://me.sap.com/notes/3543274 ([email protected])
https://url.sap/sapsecuritypatchday ([email protected])