CVE-2020-6238

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce.
References
Link Resource
https://launchpad.support.sap.com/#/notes/2904480 Permissions Required Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 Broken Link Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:commerce_cloud:6.6:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:6.7:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:1808:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-04-14 19:15

Updated : 2024-02-04 21:00


NVD link : CVE-2020-6238

Mitre link : CVE-2020-6238

CVE.ORG link : CVE-2020-6238


JSON object : View

Products Affected

sap

  • commerce_cloud
CWE
CWE-611

Improper Restriction of XML External Entity Reference