CVE-2025-27435
published 2025-04-08CVE-2025-27435: Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon…
medium4.2CVSS 3.1
AVNACHPRNUIRSUCLILAN
Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce. This could allow the attacker to use the disclosed coupon code, hence posing a low impact on confidentiality and integrity of the application.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azl3_hyperv-daemons_6.6.22.1-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_hyperv-daemons_6.6.35.1-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_kernel_5.15.186.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.200.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.202.1-1_on_cbl_mariner_2.0 | — | — |
| sap_se | sap_commerce_cloud | — | — |
| sap_se | sap_commerce_cloud | — | — |