{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T19:12:17.778","vulnerabilities":[{"cve":{"id":"CVE-2025-27435","sourceIdentifier":"cna@sap.com","published":"2025-04-08T08:15:16.550","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce. This could allow the attacker to use the disclosed coupon code, hence posing a low impact on confidentiality and integrity of the application."},{"lang":"es","value":"Bajo ciertas condiciones y requisitos previos, un atacante no autenticado podría acceder a los códigos de cupón de los clientes expuestos en los parámetros de la URL de la campaña de cupones en SAP Commerce. Esto podría permitirle usar el código de cupón revelado, lo que afectaría mínimamente a la confidencialidad e integridad de la aplicación.\n"}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://me.sap.com/notes/3539465","source":"cna@sap.com"},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com"}]}}]}