CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-6238

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.3%

CVSS Severity

CVSS v3 Score 9.3

CVSS v2 Score 6.4

References

https://launchpad.support.sap.com/#/notes/2904480
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
https://launchpad.support.sap.com/#/notes/2904480
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202

Products affected by CVE-2020-6238

Sap » Commerce Cloud » Version: 1808

cpe:2.3:a:sap:commerce_cloud:1808
Sap » Commerce Cloud » Version: 1811

cpe:2.3:a:sap:commerce_cloud:1811
Sap » Commerce Cloud » Version: 1905

cpe:2.3:a:sap:commerce_cloud:1905
Sap » Commerce Cloud » Version: 6.6

cpe:2.3:a:sap:commerce_cloud:6.6
Sap » Commerce Cloud » Version: 6.7

cpe:2.3:a:sap:commerce_cloud:6.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-6238

Products

Pricing

Contact Us