CVE-2020-6238 — CRITICAL (9.3)

Vulnerability Description

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce.

CVSS Score

9.3

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Sap	Commerce Cloud	6.6

Related Weaknesses (CWE)

CWE-611

References

https://launchpad.support.sap.com/#/notes/2904480Permissions RequiredVendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202Broken LinkVendor Advisory
https://launchpad.support.sap.com/#/notes/2904480Permissions RequiredVendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202Broken LinkVendor Advisory

FAQ

What is CVE-2020-6238?

CVE-2020-6238 is a vulnerability with a CVSS score of 9.3 (CRITICAL). SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and av...

How severe is CVE-2020-6238?

CVE-2020-6238 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-6238?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Commerce Cloud.