Description
SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configured access restrictions, resulting in a low impact on confidentiality, with no impact on the integrity or availability of the application.
References (2)
Core References
Vendor Advisory: https://me.sap.com/notes/3634724
Vendor Advisory: https://url.sap/sapsecuritypatchday
Scores
CVSS v3: 5.3
EPSS: 0.0006
EPSS Percentile: 19.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-22
Status: published
Products (1)
SAP_SE/SAP Commerce Cloud
COM_CLOUD 2211
Published: Oct 14, 2025
Tracked Since: Feb 18, 2026