CVE-2025-27434 Information
Mar 12, 2025
cve
Description
Due to insufficient input validation SAP Commerce (Swagger UI) allows an unauthenticated attacker to inject the malicious code from remote sources which can be leveraged by an attacker to execute a cross-site scripting (XSS) attack. This could lead to a high impact on the confidentiality integrity and availability of data in SAP Commerce.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
https://me.sap.com/notes/3569602 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.8
Share on: