CVE-2020-6238 Information

Description

SAP Commerce versions - 6.6 6.7 1808 1811 1905 does not process XML input securely in the Rest API from Servlet xyformsweb leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Reference

https://launchpad.support.sap.com//notes/2904480 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

LOW

Base Severity

9.3