CVE-2020-6238
published 2020-04-14CVE-2020-6238: SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML…
critical9.3CVSS 3.1
AVNACLPRNUINSCCHINAL
SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap | commerce_cloud | — | — |
| sap_se | sap_commerce | < 6.6 | 6.6 |
| sap_se | sap_commerce | < 6.7 | 6.7 |
| sap_se | sap_commerce | < 1808 | 1808 |
| sap_se | sap_commerce | < 1811 | 1811 |
| sap_se | sap_commerce | < 1905 | 1905 |