CVE-2020-6238

Summary

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Commerce< 6.6affected
SAP SESAP Commerce< 6.7affected
SAP SESAP Commerce< 1808affected
SAP SESAP Commerce< 1811affected
SAP SESAP Commerce< 1905affected

Weaknesses

  • Missing XML Validation

ADP Enrichment

CVE Program Container

Additional References

References