CVE-2020-6238 is a vulnerability in SAP Commerce Cloud
Published on April 14, 2020
SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce.
Products Associated with CVE-2020-6238
Want to know whenever a new CVE is published for SAP Commerce Cloud? stack.watch will email you.
Affected Versions
SAP SE SAP Commerce:- Version < 6.6 is affected.
- Version < 6.7 is affected.
- Version < 1808 is affected.
- Version < 1811 is affected.
- Version < 1905 is affected.
Exploit Probability
EPSS
0.41%
Percentile
60.78%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.