CRITICAL🇵🇱 Wersja polska

CVE-2020-6238

CVSS 9.3v3.1pub. 2020-04-14upd. 2024-11-21

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
  • Sap Commerce Cloud

    APP
    Sap
    1808181119056.66.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-0344CRITICAL9.8⚠ KEVten sam produkt

Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7,...

CVE-2024-33003HIGH7.4ten sam produkt

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as pa...

CVE-2023-42481HIGH8.1ten sam produkt

In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 221...

CVE-2023-39439HIGH8.8ten sam produkt

SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to...

CVE-2019-0343HIGH8.8ten sam produkt

SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authe...