- Description
- Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce. This could allow the attacker to use the disclosed coupon code, hence posing a low impact on confidentiality and integrity of the application.
- Source
- cna@sap.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 4.2
- Impact score
- 2.5
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
- cna@sap.com
- CWE-862
- Hype score
- Not currently trending
🚨 CVE-2025-27435 🟠 MEDIUM (4.2) 🏢 SAP_SE - SAP Commerce Cloud 🏗️ HY_COM 2205 🔗 https://t.co/fsUchCGTnu 🔗 https://t.co/f5sXJgkGmG #CyberCron #VulnAlert #InfoSec https://t.co/m4myWI8t07
@cybercronai
9 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27435 Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL i… https://t.co/FPjdQULmoe
@CVEnew
8 Apr 2025
162 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes