Description
SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce.
References
- Permissions Required, Vendor Advisory
- Broken Link, Vendor Advisory
- Permissions Required, Vendor Advisory
- Broken Link, Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:sap:commerce_cloud:6.6:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:6.7:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:1808:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:1811:*:*:*:*:*:*:*
cpe:2.3:a:sap:commerce_cloud:1905:*:*:*:*:*:*:*
EPSS
Percentile: 61%
0.00408
Low
CVSS3: 9.3 Critical
CVSS2: 6.4 Medium
Weaknesses
CWE-611
Related vulnerabilities
CVSS3: 9.3
github
more than 3 years ago
SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce.